Lucene search
K

6380 matches found

OSV
OSV
added 2026/06/24 3:22 p.m.3 views

OPENSUSE-SU-2026:21044-1 Security update for openssh

This update for openssh fixes the following issues Security fixes: - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions bsc1261441. - openssh...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in OpenSSH

There is a vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The use of sshpktdisconnect on an error condition, which does n...

8.2CVSS7AI score0.0218EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 6:0 a.m.3 views

SUSE-SU-2026:2515-1 Security update for openssh, openssh-askpass-gnome

This update for openssh, openssh-askpass-gnome fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 4:17 a.m.19 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS0.00367EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 4:17 a.m.16 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

6.1CVSS0.0009EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 4:17 a.m.12 views

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

6.5CVSS0.00242EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 4:17 a.m.4 views

UBUNTU-CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

6.1CVSS5.7AI score0.0009EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 4:17 a.m.4 views

UBUNTU-CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 4:17 a.m.4 views

UBUNTU-CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

6.5CVSS5.8AI score0.00242EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/23 3:37 a.m.6 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/23 3:37 a.m.60 views

CVE-2026-55654 Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS0.00367EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 3:37 a.m.5 views

CVE-2026-55654 Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
CVE
CVE
added 2026/06/23 3:37 a.m.89 views

CVE-2026-55654

CVE-2026-55654 describes a heap out-of-bounds read in OpenSSH during GSSAPI indicator cleanup when a trailing NULL termination is missing in the auth-indicators array. A remote attacker in configurations using GSSAPI authentication with Kerberos could trigger a crash/abort in the SSH authenticati...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3Affected Software3
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.11 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/23 3:36 a.m.11 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

6.1CVSS5.7AI score0.0009EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/23 3:36 a.m.68 views

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

5CVSS0.0009EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 3:36 a.m.6 views

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

5CVSS5.7AI score0.0009EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 3:36 a.m.9 views

EUVD-2026-38413

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

5CVSS5.7AI score0.0009EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 3:36 a.m.37 views

CVE-2026-55655

OpenSSH on Linux clients is affected by CVE-2026-55655. The issue allows a local unprivileged attacker to hijack client-side X11 forwarding connections by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. The attack can compr...

6.1CVSS5.7AI score0.0009EPSS
Exploits0References3Affected Software2
Debian CVE
Debian CVE
added 2026/06/23 3:36 a.m.6 views

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

6.5CVSS5.8AI score0.00242EPSS
Exploits1
Rows per page
Query Builder