
14731 matches found

OSV
added 2026/01/23 12:22 p.m. | 4 views

OESA-2026-1190 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

CVSS 5.3 | AI score 5.6 | EPSS 0.00064
Exploits 3 | References 5
F5 Networks
added 2026/01/23 5:16 a.m. | 10 views

K000159684: OpenSSH vulnerabilities CVE-2025-61984 and CVE-2025-61985

Security Advisory Description CVE-2025-61984 ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence...

CVSS 3.6 | AI score 6.2 | EPSS 0.00061
Exploits 2
Tenable Nessus
added 2026/01/23 12:0 a.m. | 6 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-070:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-070:01 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00018
Exploits 1 | References 2
Tenable Nessus
added 2026/01/23 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004931)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004931 advisory. When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in th...

CVSS 5.3 | AI score 5.6 | EPSS 0.0003
Exploits 1 | References 3
OSV
added 2026/01/22 10:1 p.m. | 4 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVSS 9.3 | AI score 5.7 | EPSS 0.00053
Exploits 0 | References 5
Cvelist
added 2026/01/22 10:1 p.m. | 16 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

CVSS 9.3 | EPSS 0.00053
Exploits 0 | References 3
UbuntuCve
added 2026/01/22 3:16 p.m. | 1 view

CVE-2026-1102

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests...

CVSS 7.5 | AI score 6.1 | EPSS 0.00042
Exploits 0 | References 3
OSV
added 2026/01/22 3:16 p.m. | 1 view

UBUNTU-CVE-2026-1102

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 4
Vulnrichment
added 2026/01/22 1:33 p.m. | 2 views

CVE-2026-1102 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests...

CVSS 5.3 | AI score 5.5 | EPSS 0.00042
Exploits 0 | References 2
CVE
added 2026/01/22 1:33 p.m. | 14 views

CVE-2026-1102

CVE-2026-1102 affects GitLab CE/EE. Affected are all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2. The issue allowed an unauthenticated user to trigger a denial-of-service condition by sending repeated malformed SSH authentication requests. Remediation is in the pa...

CVSS 7.5 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/01/22 1:2 p.m. | 2 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9 | AI score 5.3 | EPSS 0.0028
Exploits 1 | References 4
ATTACKERKB
added 2026/01/22 1:2 p.m. | 2 views

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9.8 | AI score 7.5 | EPSS 0.0028
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2026/01/22 1:2 p.m. | 16 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9 | EPSS 0.0028
Exploits 1 | References 4
OSV
added 2026/01/22 1:1 p.m. | 0 views

SUSE-SU-2026:20123-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read bsc1254054 - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an...

CVSS 8.4 | AI score 6.2 | EPSS 0.00026
Exploits 5 | References 9
RedHat Linux
added 2026/01/22 9:20 a.m. | 7 views

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 3.6 | AI score 6.7 | EPSS 0.00061
Exploits 2 | References 3
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

CVSS 7.5 | AI score 6.9 | EPSS 0.00055
Exploits 3 | References 12
Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-47913)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47913 advisory. - SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause ear...

CVSS 7.5 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: wireshark (CVE-2023-6174)

The version of wireshark installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6174 advisory. - SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted...

CVSS 6.5 | AI score 6.2 | EPSS 0.00132
Exploits 0 | References 2
Positive Technologies
added 2026/01/22 12:0 a.m. | 4 views

PT-2026-3932

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...

CVSS 9.8 | AI score 7.2 | EPSS 0.0028
Exploits 1 | References 10
CNNVD
added 2026/01/22 12:0 a.m. | 1 view

Soft Serve security vulnerability

Soft Serve is a self-hosted command-line Git server developed by Charm. Versions of Soft Serve prior to 0.11.2 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing attackers to provide the victim’s public key during the SSH handshake phase,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00053
Exploits 0 | References 4