49 matches found
DEBIAN-CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-60000
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...
PT-2026-51472
Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A heap out-of-bounds read occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the...
OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...
RockyLinux 10 : openssh (RLSA-2026:19069)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19069 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...
RLSA-2025:23480 Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016495)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016495 advisory. In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the...
CVE-2026-35385
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...
OpenSSH 安全漏洞
OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...
Unity Linux 20.1070a Security Update: openssh (UTSA-2026-006246)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006246 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-1614)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...
CVE-2025-69426
The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...
EulerOS Virtualization 2.13.0 : openssh (EulerOS-SA-2025-2612)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...
RHSA-2025:23481 Red Hat Security Advisory: openssh security update
Bulletin has no description...
OESA-2025-2646 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
Alibaba Cloud Linux 3 : 0161: openssh (ALINUX3-SA-2025:0161)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0161 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-26465: A vulnerability was found in OpenSS...
Exploit for Use After Free in Microsoft
CVE-2025-27480 CVE‑2025‑27480 – Remote Code Execution in O...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
March 11, 2025—KB5053596 (OS Build 17763.7009) - EXPIRED
None None...
March 11, 2025—KB5053599 (OS Build 25398.1486)
None None...