
CVE-2025-32728 – Ubuntu Security Notice USN-7457-1
https://notcve.org/view.php?id=CVE-2025-32728
10 Apr 2025 — In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. This update for openssh fixes the following issue. Fixed logic error in DisableForwarding option. Fixed ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized. The problem was introduced in the rebase of the patch for 9.6p1. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig • CWE-440: Expected Behavior Violation •

CVE-2025-30334 – OpenBSD wg(4) kernel crash
https://notcve.org/view.php?id=CVE-2025-30334
20 Mar 2025 — In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/015_wg.patch.sig • CWE-131: Incorrect Calculation of Buffer Size •

CVE-2025-26465 – OpenSSH: machine-in-the-middle attack if VerifyHostKeyDNS is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high. ssh(1) contains a logic error that allows an on-path attacker ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •

CVE-2024-11149 – OpenBSD vmm GDTR limits
https://notcve.org/view.php?id=CVE-2024-11149
06 Dec 2024 — In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/014_vmm.patch.sig •

CVE-2024-10933 – OpenBSD readdir directory traversal
https://notcve.org/view.php?id=CVE-2024-10933
05 Dec 2024 — In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-11148 – OpenBSD httpd(8) null dereference
https://notcve.org/view.php?id=CVE-2024-11148
05 Dec 2024 — In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig • CWE-476: NULL Pointer Dereference •

CVE-2024-10934 – OpenBSD NFS double-free vulnerability
https://notcve.org/view.php?id=CVE-2024-10934
15 Nov 2024 — In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig • CWE-415: Double Free •

CVE-2024-43688
https://notcve.org/view.php?id=CVE-2024-43688
20 Aug 2024 — cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring. • https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712 • CWE-787: Out-of-bounds Write •

CVE-2024-39894 – Ubuntu Security Notice USN-6887-1
https://notcve.org/view.php?id=CVE-2024-39894
02 Jul 2024 — OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. • http://www.openwall.com/lists/oss-security/2024/07/03/6 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-6387 – OpenSSH: regreSSHion - race condition in ssh allows RCE/DoS
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in earlier versions... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-364: Signal Handler Race Condition •