Search Results (357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59998 1 Openbsd 1 Openssh 2026-07-08 4.8 Medium
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
CVE-2026-59999 1 Openbsd 1 Openssh 2026-07-08 5.9 Medium
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
CVE-2026-60000 1 Openbsd 1 Openssh 2026-07-08 3.7 Low
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.
CVE-2026-60001 1 Openbsd 1 Openssh 2026-07-08 6.5 Medium
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
CVE-2026-59996 1 Openbsd 1 Openssh 2026-07-08 4.2 Medium
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
CVE-2026-60002 1 Openbsd 1 Openssh 2026-07-08 7.7 High
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)
CVE-2026-59995 1 Openbsd 1 Openssh 2026-07-08 4.2 Medium
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
CVE-2026-59997 1 Openbsd 1 Openssh 2026-07-08 4.2 Medium
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
CVE-2025-26466 4 Canonical, Debian, Openbsd and 1 more 5 Ubuntu Linux, Debian Linux, Openssh and 2 more 2026-06-30 5.9 Medium
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
CVE-2026-57589 1 Openbsd 1 Openbsd 2026-06-25 7.4 High
sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
CVE-2026-56099 1 Openbsd 1 Src 2026-06-23 5.3 Medium
OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.
CVE-2026-55706 1 Openbsd 1 Openbsd 2026-06-17 5.8 Medium
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
CVE-2026-3497 5 Canonical, Debian, Openbsd and 2 more 5 Ubuntu Linux, Debian Linux, Openssh and 2 more 2026-06-02 7.5 High
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
CVE-2016-8858 1 Openbsd 1 Openssh 2026-05-29 7.5 High
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
CVE-2016-6210 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-05-29 5.9 Medium
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
CVE-2016-3115 3 Openbsd, Oracle, Redhat 3 Openssh, Vm Server, Enterprise Linux 2026-05-29 6.4 Medium
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
CVE-2016-1908 4 Debian, Openbsd, Oracle and 1 more 10 Debian Linux, Openssh, Linux and 7 more 2026-05-29 9.8 Critical
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
CVE-2016-10012 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-05-29 7.8 High
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
CVE-2016-10011 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-05-29 6.2 Medium
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10010 1 Openbsd 1 Openssh 2026-05-29 7 High
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.