Lucene search
+L

6412 matches found

euvd
euvd
added 2026/07/08 12:14 a.m.8 views

EUVD-2026-42143

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6AI score0.00407EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/07/08 12:14 a.m.5 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References3
cve
cve
added 2026/07/08 12:13 a.m.57 views

CVE-2026-59999

CVE-2026-59999 affects OpenSSH sshd prior to 10.4, where the intended precedence of DisableForwarding=yes over PermitTunnel=yes did not hold. The available documents confirm the root cause is an ordering/precedence bug in sshd, but do not provide concrete details on affected product versions beyo...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/07/08 12:13 a.m.7 views

EUVD-2026-42142

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

5.9CVSS5.9AI score0.0014EPSS
Exploits0References3
debiancve
debiancve
added 2026/07/08 12:13 a.m.7 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0
cvelist
cvelist
added 2026/07/08 12:13 a.m.133 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

5.9CVSS0.0014EPSS
Exploits0References3
cve
cve
added 2026/07/08 12:11 a.m.45 views

CVE-2026-59998

OpenSSH sshd (CVE-2026-59998) affects builds before 10.4. The issue is an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server runs in Windows Active Directory. CVSS v3.1 base score 4.8 (Medium) and impact on confidentiality/integrity (Low) with net...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/07/08 12:11 a.m.17 views

EUVD-2026-42141

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS5.9AI score0.00179EPSS
Exploits0References3
osv
osv
added 2026/07/08 12:11 a.m.3 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS6.1AI score0.00179EPSS
Exploits0References5
osv
osv
added 2026/07/08 12:9 a.m.2 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6.1AI score0.00177EPSS
Exploits0References5
cve
cve
added 2026/07/08 12:9 a.m.91 views

CVE-2026-59997

The CVE affects OpenSSH’s internal-sftp helper invoked by sshd, where the process only parses the first 9 command-line arguments. This is tied to OpenSSH before version 10.4. According to the description, this could undermine intended security properties of an SFTP connection if a later argument ...

5.4CVSS6AI score0.00177EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/08 12:9 a.m.132 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00177EPSS
Exploits0References3
cve
cve
added 2026/07/08 12:7 a.m.83 views

CVE-2026-59996

OpenSSH SCP flaw: OpenSSH versions before 10.4 allow a file to be placed in the parent directory of the target when copying between two remote destinations. Root cause is described in the OpenSSH release notes; remediation is to upgrade to OpenSSH 10.4p1 or later (fixed in 10.4p1). No exploit det...

5.4CVSS6AI score0.00241EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2026/07/08 12:7 a.m.5 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0
euvd
euvd
added 2026/07/08 12:7 a.m.7 views

EUVD-2026-42138

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 12:7 a.m.126 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS0.00241EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/07/08 12:7 a.m.5 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 12:4 a.m.125 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS0.00241EPSS
Exploits0References3
euvd
euvd
added 2026/07/08 12:4 a.m.7 views

EUVD-2026-42137

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
debiancve
debiancve
added 2026/07/08 12:4 a.m.5 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00241EPSS
Exploits0
Rows per page
Query Builder