OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39835)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39835 advisory. - SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or...

CVE-2025-46371

Dell PowerFlex Manager, versions

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the repeated opening of channels by an authenticated SSH client that are subsequently rejected by the server. An attacker ca...

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially...

PT-2026-42771

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

Astra Linux - уязвимость в golang-go.crypto

The x/crypto/ssh package in version 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to cause a panic in an SSH server...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

Oracle Linux 9 : openssh (ELSA-2026-6462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6462 advisory. 8.7p1-48.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug:...

Unity Linux 20.1060e / 20.1070e Security Update: erlang (UTSA-2026-006131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006131 advisory. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an...

Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console

Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...

PT-2026-22970

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...

SICK LMS1000和SICK MRS1000 安全漏洞

SICK LMS1000 and SICK MRS1000 are products from the German company SICK. SICK LMS1000 is a lidar sensor. SICK MRS1000 is a 3D lidar sensor. Both SICK LMS1000 and SICK MRS1000 have security vulnerabilities. These vulnerabilities stem from the use of an outdated and weak MAC algorithm in the device...

NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0001)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an...

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20043-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20043-1 advisory. Update the ssh component to the latest in the maint-27 branch. Security issues fixed: - CVE-2025-48040: ssh: overly tolerant handling of data...

Security update for erlang (moderate)

openSUSE security update: security update for erlang ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20043-1 Rating: moderate References: bsc1249469 bsc1249470 bsc1249472 Cross-References: CVE-2025-48038 CVE-2025-48039 CVE-2025-48040 CVSS scores:...

MiracleLinux 7 : openssh-6.6.1p1-23.el7 (AXSA:2016-037:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-037:01 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide...

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...

CVE-2022-23111

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...