6412 matches found
EUVD-2026-42143
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...
CVE-2026-60000
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...
CVE-2026-59999
CVE-2026-59999 affects OpenSSH sshd prior to 10.4, where the intended precedence of DisableForwarding=yes over PermitTunnel=yes did not hold. The available documents confirm the root cause is an ordering/precedence bug in sshd, but do not provide concrete details on affected product versions beyo...
EUVD-2026-42142
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-59998
OpenSSH sshd (CVE-2026-59998) affects builds before 10.4. The issue is an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server runs in Windows Active Directory. CVSS v3.1 base score 4.8 (Medium) and impact on confidentiality/integrity (Low) with net...
EUVD-2026-42141
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...
CVE-2026-59998
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...
CVE-2026-59997
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...
CVE-2026-59997
The CVE affects OpenSSH’s internal-sftp helper invoked by sshd, where the process only parses the first 9 command-line arguments. This is tied to OpenSSH before version 10.4. According to the description, this could undermine intended security properties of an SFTP connection if a later argument ...
CVE-2026-59997
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...
CVE-2026-59996
OpenSSH SCP flaw: OpenSSH versions before 10.4 allow a file to be placed in the parent directory of the target when copying between two remote destinations. Root cause is described in the OpenSSH release notes; remediation is to upgrade to OpenSSH 10.4p1 or later (fixed in 10.4p1). No exploit det...
CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
EUVD-2026-42138
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
EUVD-2026-42137
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...