41 matches found
OpenSSH security update for CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
MiracleLinux 8 : openssh-8.0p1-26.el8_10 (AXSA:2025-10918:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10918:05 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the...
EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1009)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
RockyLinux 8 : openssh (RLSA-2025:16823)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:16823 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the...
openssh security update
An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
openssh security update
An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
AlmaLinux 8 : openssh (ALSA-2025:16823)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:16823 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the...
openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
AlmaLinux 9 : openssh (ALSA-2025:6993)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:6993 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the AlmaLin...
RHEL 9 : openssh (RHSA-2025:3837)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3837 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...
EulerOS 2.0 SP10 : openssh (EulerOS-SA-2025-1530)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
EulerOS 2.0 SP10 : openssh (EulerOS-SA-2025-1531)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2025-1429)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2025-1430)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
K000150876: OpenSSH vulnerability CVE-2025-26465
Security Advisory Description A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions...
Moderate: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2025-1368)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
CLSA-2025-1742926277 openssh: Fix of CVE-2025-26465
CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation openssh bz3012 Orabug: 30448895...
ROS-20250307-13
A vulnerability in the VerifyHostKeyDNS component of the OpenSSH cryptographic protection tool is related to flaws in error handling during host key verification. in error handling during host key verification. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct...
Medium: openssh
Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...