Lucene search
K

95 matches found

RedHat Linux
RedHat Linux
added 6 days ago2 views

openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6.1AI score0.0014EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/07/08 5:38 a.m.7 views

CVE-2026-59999

A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...

7.5CVSS6AI score0.0014EPSS
Exploits0References6
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56292

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component does not consistently adhere to the minimum authentication delay, which is a mechanism designed to slow down authentication attempts to prevent brute-force attacks. Recommendations...

9.4CVSS6.1AI score0.00407EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-9103

Malware in sbrugna...

4CVSS6.2AI score0.01833EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-27071

Malware in sbrugna...

5.9CVSS5.9AI score0.00523EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.29 views

EUVD-2019-17172

Malware in sbrugna...

8.1CVSS8AI score0.01202EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57909

Malicious code in bioql PyPI...

4.9CVSS5AI score0.00207EPSS
Exploits1References4
Fedora
Fedora
added 2025/05/23 3:57 a.m.18 views

[SECURITY] Fedora 41 Update: openssh-9.9p1-4.fc41

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

4.3CVSS7.4AI score0.00172EPSS
Exploits0
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.255 views

OpenSSH server (sshd) 9.8p1 - Race Condition

Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It exploits a vulnerability where the SIGALRM handler calls async-signal-unsafe...

7AI score
Exploits0
NVD
NVD
added 2025/04/15 7:16 p.m.13 views

CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

4.9CVSS0.00207EPSS
Exploits1References3
OSV
OSV
added 2025/04/15 7:16 p.m.6 views

DEBIAN-CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

4.9CVSS5.3AI score0.00207EPSS
Exploits1References1
OSV
OSV
added 2025/04/15 7:16 p.m.18 views

CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

4.9CVSS7AI score0.00207EPSS
Exploits1References3
Snyk
Snyk
added 2025/04/10 1:49 a.m.2 views

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation due to the behavior of the DisableForwarding directive in sshd8, which fails to disable X11 forwarding and agent forwarding by default. An attacker can bypass intended security restrictions. Remediation A fix...

5.1CVSS6.9AI score0.00172EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/03/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

7CVSS5.8AI score0.27935EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.8 views

The vulnerability of the OpenSSH server, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the OpenSSH server security tool is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

5.9CVSS7AI score0.38474EPSS
Exploits4References7Affected Software4
Qualys Blog
Qualys Blog
added 2025/02/18 9:4 a.m.27 views

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466

The Qualys Threat Research Unit TRU has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and...

6.8CVSS7AI score0.38474EPSS
Exploits5
OpenVAS
OpenVAS
added 2024/10/09 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2511)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.2AI score0.27935EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.1324 views

SSH Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...

5.9CVSS7.3AI score0.98631EPSS
Exploits41
OpenVAS
OpenVAS
added 2024/08/20 12:0 a.m.47 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2184)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.4AI score0.99506EPSS
Exploits69References2
Rows per page
Query Builder