14728 matches found

Vulnrichment
added 2026/03/12 6:27 p.m. | 1 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

6.9 CVSS | 6 AI score | 0.00127 EPSS
Exploits: 0 | References: 2
Ubuntu
added 2026/03/12 6:16 p.m. | 6 views

USN-8090-1: OpenSSH vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

7.5 CVSS | 6.1 AI score | 0.00127 EPSS
Exploits: 2
OSV
added 2026/03/12 6:16 p.m. | 3 views

USN-8090-1 openssh vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

7.5 CVSS | 6.7 AI score | 0.00127 EPSS
Exploits: 2 | References: 4
OSV
added 2026/03/12 6:0 p.m. | 1 views

UBUNTU-CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

7.5 CVSS | 6.8 AI score | 0.00127 EPSS
Exploits: 0 | References: 4
NVD
added 2026/03/12 3:16 p.m. | 0 views

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials...

7.7 CVSS | 0.00044 EPSS
Exploits: 0 | References: 1
CVE
added 2026/03/12 3:9 p.m. | 12 views

CVE-2026-21670

Veeam Backup & Replication versions prior to 13.0.1.2067 are affected by CVE-2026-21670, enabling a low-privileged user to extract saved SSH credentials. The issue is documented in the Veeam KB (KB4831) and is listed with a CVSS v3.1 score of 7.7 (High). Affected deployment types include Windows-...

7.7 CVSS | 5.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/12 12:0 a.m. | 2 views

Veeam Backup And Replication security vulnerability

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. Veeam Backup and Replication has a security vulnerability that stems from allowing low-privilege users to extract stored SSH credentials...

7.7 CVSS | 7.3 AI score | 0.00044 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/11 8:14 p.m. | 2 views

CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...

2.3 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/03/11 6:30 p.m. | 1 views

EUVD-2025-208581

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

5.9 AI score | 0.00043 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2026/03/11 12:0 a.m. | 171 views

WatchGuard Firebox Default SSH Credentials

This is a Python script to detect whether or not WatchGuard Firebox devices allow unauthorized access via default credentials admin:readwrite on port 4118...

6 AI score | 0.00043 EPSS
Exploits: 3
CVE
added 2026/03/11 12:0 a.m. | 8 views

CVE-2025-67035

CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...

9.8 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/11 12:0 a.m. | 0 views

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys,...

6 AI score | 0.00043 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/10 5:5 p.m. | 19 views

CVE-2026-26148

The CVE-2026-26148 issue affects the Microsoft Azure AD SSH Login extension for Linux, causing elevation of privilege. According to the provided metrics, the vulnerability is a LOCAL, high-severity flaw (CVSS 3.1: 8.1) with no required user interaction and no privileges required. The attack compl...

8.1 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/10 5:5 p.m. | 2 views

CVE-2026-26148 Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

...

8.1 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits: 0 | References: 1
OSV
added 2026/03/10 4:45 p.m. | 2 views

CLSA-2026-1773161124 Fix CVE(s): CVE-2021-22876, CVE-2025-15079

SECURITY UPDATE: acceptance of hosts not listed in specified knownhosts file during SSH-based transfers - debian/patches/CVE-2025-15079.patch: Set both knownhosts options to same file and fix surprises caused by libssh exposing separate KNOWNHOSTS and GLOBALKNOWNHOSTS options. - CVE-2025-15079...

5.3 CVSS | 6.9 AI score | 0.00115 EPSS
Exploits: 2 | References: 1
OSV
added 2026/03/10 2:33 p.m. | 4 views

CLSA-2026-1773153207 curl: Fix of 2 CVEs

CVE-2025-15079: libssh global knownhosts file override - CVE-2025-14524: bearer token leak on cross-protocol redirect...

5.3 CVSS | 6.6 AI score | 0.0003 EPSS
Exploits: 2 | References: 1
Microsoft CVE
added 2026/03/10 2:0 p.m. | 3 views

Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits: 0
OSV
added 2026/03/10 9:35 a.m. | 3 views

CLSA-2026-1773135327 curl: Fix of 2 CVEs

CVE-2025-14524: prevent bearer token leak on cross-protocol redirect - CVE-2025-15079: set both SSH knownhosts options to the same file to prevent libssh global knownhosts override...

5.3 CVSS | 6.6 AI score | 0.0003 EPSS
Exploits: 2 | References: 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24241

A vulnerability in the firmware of Fortinet FortiSwitchAXFixed switches is related to access control flaws. Exploitation of the vulnerability may allow an attacker to execute arbitrary system commands using a specially crafted SSH configuration file...

5.3 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/10 12:0 a.m. | 2 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1232)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and...

6.3 CVSS | 5.9 AI score | 0.00064 EPSS
Exploits: 3 | References: 5