Lucene search
K

848 matches found

OSV
OSV
added 6 days ago4 views

DEBIAN-CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS6.1AI score0.0014EPSS
Exploits0References4
OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6.1AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago115 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS0.00407EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 10:14 p.m.12 views

EUVD-2026-31394

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions...

6.3CVSS5.8AI score0.00314EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS0.00547EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:12 p.m.4 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5
OSV
OSV
added 2026/06/20 6:52 a.m.2 views

SUSE-SU-2026:22193-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS5.9AI score0.00781EPSS
Exploits0References25
OSV
OSV
added 2026/06/19 1:41 p.m.7 views

SUSE-SU-2026:2472-1 Security update for apache-sshd, jpgpj

This update for apache-sshd, jpgpj fixes the following issues - CVE-2020-36843: no check performed on scalar to avoid signature malleability bsc1239551. - CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd: sshd-git bsc1267018. Changes for jpgpj: - Initial packaging with v1.3...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
Amazon
Amazon
added 2026/06/08 12:0 a.m.22 views

Important: nerdctl

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

10CVSS6.1AI score0.00533EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39835

A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/06/03 5:14 a.m.102 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 분석 포트폴리오 Erlang/OTP SSH 사전인증 원격 코드 실행 취약점 분석...

10CVSS7.1AI score0.97859EPSS
Exploits36
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.28 views

SUSE CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References31
OSV
OSV
added 2026/05/22 4:16 a.m.45 views

UBUNTU-CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.10 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

5.8AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:31 a.m.1 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3CVSS6AI score0.00394EPSS
Exploits0References30
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.8CVSS5.8AI score0.00314EPSS
Exploits0
CVE
CVE
added 2026/05/22 2:31 a.m.61 views

CVE-2026-39835

CVE-2026-39835 affects golang.org/x/crypto/ssh where CertChecker used as a public key callback could panic if IsUserAuthority or IsHostAuthority callbacks were nil during a client certificate authentication flow. The concrete fix implemented is that CertChecker now returns an error instead of pan...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References27Affected Software1
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.80 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

0.00314EPSS
Exploits0References4
Rows per page
Query Builder