ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

apache-sshd-2.18.0-1.1 on GA media (moderate)

apache-sshd-2.18.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10919-1 Rating: moderate Cross-References: CVE-2020-36843 CVE-2026-48827 CVSS scores: CVE-2020-36843 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36843 SUSE : 8.7...

SUSE CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

Linux Distros Unpatched Vulnerability : CVE-2026-48827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

CVE-2026-48827

This CVE (CVE-2026-48827) affects Apache MINA SSHD when used as the sshd-git bundle. The vulnerability is a path traversal caused by missing path validation in git-upload-pack, git-receive-pack, and other git operations, allowing SSH-authenticated users to access repositories outside the configur...

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

EUVD-2026-33606

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

OPENSUSE-SU-2026:10919-1 apache-sshd-2.18.0-1.1 on GA media

These are all security issues fixed in the apache-sshd-2.18.0-1.1 package on the GA media of openSUSE Tumbleweed...

Apache MINA SSHD security vulnerability

Apache MINA SSHD is a pure Java library from the Apache Foundation that supports the SSH protocol on both the client and server sides. Apache MINA SSHD has a security vulnerability caused by path traversal, which may allow authenticated users to access git repositories outside of the configured g...

PT-2026-45380

Name of the Vulnerable Software and Affected Versions Apache MINA SSHD versions prior to 2.18.0 Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3 Description A path traversal issue exists in the org.apache.sshd:sshd-git bundle. Due to a lack of path validation in git-upload-pack,...

openssh security update

An update is available for openssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux,...

RLSA-2025:20126 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding CVE-2025-32728 For more details abo...

MAL-2026-3619 Malicious code in txwrap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 72b4db77d156fffbfdf3253cda39d73180fda419676d356fdbc217130c289549 During importing, the remote code is downloaded. It then exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new...

Unity Linux 20.1060e / 20.1070e Security Update: apache-sshd (UTSA-2026-017596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017596 advisory. A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port...

MAL-2026-3408 Malicious code in textwrap-ext (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da4e8d5daae9a14e0ceb5a942afd308068957ec655cdd950b2b041934e9ec182 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...

Cisco Desk Phone 9841 and 9851 Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Desk Phone 9841 and 9851 are affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Desk Phone 9841 and 9851 due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

Cisco Emergency Responder Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Emergency Responder is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Emergency Responder due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime seconds,...