| CVE-2026-46595 |
critical |
10.0 |
10.0 |
|
|
|
14d ago |
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would… |
| CVE-2026-42508 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. |
| CVE-2026-39834 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack… |
| CVE-2026-39833 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio… |
| CVE-2026-39832 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward… |
| CVE-2026-39831 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch … |
| CVE-2026-39830 |
critical |
9.1 |
9.1 |
|
|
|
14d ago |
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), r… |
| CVE-2026-39827 |
medium |
6.5 |
6.5 |
|
|
|
14d ago |
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.… |
| CVE-2026-39828 |
medium |
6.3 |
6.3 |
|
|
|
14d ago |
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc… |
| CVE-2023-48795 |
medium |
5.9 |
5.9 |
|
|
|
3y ago |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from… |
| CVE-2019-11840 |
medium |
5.9 |
5.9 |
|
|
|
7y ago |
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/… |
| CVE-2022-27191 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2022:7469: container-tools:4.0 security and bug fix update (Moderate) |
| CVE-2020-29652 |
medium |
— |
5.5 |
|
|
|
4y ago |
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. |
| CVE-2026-46598 |
medium |
5.3 |
5.3 |
|
|
|
14d ago |
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. |
| CVE-2026-39835 |
medium |
5.3 |
5.3 |
|
|
|
14d ago |
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an… |
