RHSA-2026:37382

Vulnerability from csaf_redhat - Published: 2026-07-09 14:40 - Updated: 2026-07-09 17:43
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: openssh: * openssh-10.4p1-1.hum1 (aarch64, x86_64) * openssh-askpass-10.4p1-1.hum1 (aarch64, x86_64) * openssh-clients-10.4p1-1.hum1 (aarch64, x86_64) * openssh-keycat-10.4p1-1.hum1 (aarch64, x86_64) * openssh-keysign-10.4p1-1.hum1 (aarch64, x86_64) * openssh-server-10.4p1-1.hum1 (aarch64, x86_64) * openssh-sk-dummy-10.4p1-1.hum1 (aarch64, x86_64) * openssh-10.4p1-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in OpenSSH. The `sftp` client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or placing malicious files in sensitive directories on the client system, which could compromise system integrity.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP (SSH File Transfer Protocol) connections, potentially leading to a bypass of security properties.

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Moderate

A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server is in a Windows Active Directory environment. This could lead to unintended information disclosure and impact data integrity.

CWE-909 - Missing Initialization of Resource
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Moderate

A flaw was found in `sshd`, the OpenSSH server daemon. When `DisableForwarding=yes` is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over `PermitTunnel=yes`. This allows a remote attacker to bypass intended security restrictions and establish a tunnel, potentially leading to unauthorized network access or circumvention of security policies, even when forwarding is explicitly disabled.

CWE-358 - Improperly Implemented Security Check for Standard
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Moderate

A flaw was found in OpenSSH's Secure Shell Daemon (sshd). This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using GSSAPIAuthentication, leading to resource exhaustion.

CWE-307 - Improper Restriction of Excessive Authentication Attempts
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Moderate

A flaw was found in OpenSSH's SSH daemon (sshd). A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attacker to guess valid credentials, potentially leading to unauthorized access or a denial of service.

CWE-307 - Improper Restriction of Excessive Authentication Attempts
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Threats
Impact Moderate

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability.

CWE-825 - Expired Pointer Dereference
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:openssh-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:openssh-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:openssh-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:37382 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-59996 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-59998 external
https://access.redhat.com/security/cve/CVE-2026-60001 external
https://access.redhat.com/security/cve/CVE-2026-60002 external
https://access.redhat.com/security/cve/CVE-2026-59995 external
https://access.redhat.com/security/cve/CVE-2026-59999 external
https://access.redhat.com/security/cve/CVE-2026-59997 external
https://access.redhat.com/security/cve/CVE-2026-60000 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-59995 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497927 external
https://www.cve.org/CVERecord?id=CVE-2026-59995 external
https://nvd.nist.gov/vuln/detail/CVE-2026-59995 external
https://marc.info/?l=openssh-unix-dev&m=178333966… external
https://www.openssh.org/releasenotes.html#10.4p1 external
https://www.openwall.com/lists/oss-security/2026/… external
https://access.redhat.com/security/cve/CVE-2026-59997 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497929 external
https://www.cve.org/CVERecord?id=CVE-2026-59997 external
https://nvd.nist.gov/vuln/detail/CVE-2026-59997 external
https://access.redhat.com/security/cve/CVE-2026-59998 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497935 external
https://www.cve.org/CVERecord?id=CVE-2026-59998 external
https://nvd.nist.gov/vuln/detail/CVE-2026-59998 external
https://access.redhat.com/security/cve/CVE-2026-59999 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497942 external
https://www.cve.org/CVERecord?id=CVE-2026-59999 external
https://nvd.nist.gov/vuln/detail/CVE-2026-59999 external
https://access.redhat.com/security/cve/CVE-2026-60000 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497946 external
https://www.cve.org/CVERecord?id=CVE-2026-60000 external
https://nvd.nist.gov/vuln/detail/CVE-2026-60000 external
https://access.redhat.com/security/cve/CVE-2026-60001 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497938 external
https://www.cve.org/CVERecord?id=CVE-2026-60001 external
https://nvd.nist.gov/vuln/detail/CVE-2026-60001 external
https://access.redhat.com/security/cve/CVE-2026-60002 self
https://bugzilla.redhat.com/show_bug.cgi?id=2497936 external
https://www.cve.org/CVERecord?id=CVE-2026-60002 external
https://nvd.nist.gov/vuln/detail/CVE-2026-60002 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nopenssh:\n  * openssh-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-askpass-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-clients-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-keycat-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-keysign-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-server-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-sk-dummy-10.4p1-1.hum1 (aarch64, x86_64)\n  * openssh-10.4p1-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:37382",
        "url": "https://access.redhat.com/errata/RHSA-2026:37382"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59996",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59996"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59998",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59998"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-60001",
        "url": "https://access.redhat.com/security/cve/CVE-2026-60001"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-60002",
        "url": "https://access.redhat.com/security/cve/CVE-2026-60002"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59995",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59995"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59999",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59999"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-59997",
        "url": "https://access.redhat.com/security/cve/CVE-2026-59997"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-60000",
        "url": "https://access.redhat.com/security/cve/CVE-2026-60000"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37382.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-07-09T17:43:13+00:00",
      "generator": {
        "date": "2026-07-09T17:43:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.2"
        }
      },
      "id": "RHSA-2026:37382",
      "initial_release_date": "2026-07-09T14:40:15+00:00",
      "revision_history": [
        {
          "date": "2026-07-09T14:40:15+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-09T16:39:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-09T17:43:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-main@aarch64",
                "product": {
                  "name": "openssh-main@aarch64",
                  "product_id": "openssh-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssh@10.4p1-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-main@src",
                "product": {
                  "name": "openssh-main@src",
                  "product_id": "openssh-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssh@10.4p1-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-main@x86_64",
                "product": {
                  "name": "openssh-main@x86_64",
                  "product_id": "openssh-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssh@10.4p1-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:openssh-main@aarch64"
        },
        "product_reference": "openssh-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:openssh-main@src"
        },
        "product_reference": "openssh-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:openssh-main@x86_64"
        },
        "product_reference": "openssh-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-59995",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-07-08T01:01:01.518880+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497927"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH. The `sftp` client, when used to download files from a malicious server with the \u0027sftp server:/path .\u0027 command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or placing malicious files in sensitive directories on the client system, which could compromise system integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: sftp client allows attacker to control downloaded file location",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-59995"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497927",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497927"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-59995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-59995"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59995",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59995"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:04:49.995000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssh: OpenSSH: sftp client allows attacker to control downloaded file location"
    },
    {
      "cve": "CVE-2026-59997",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "discovery_date": "2026-07-08T01:01:08.930287+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497929"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP (SSH File Transfer Protocol) connections, potentially leading to a bypass of security properties.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-59997"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497929",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497929"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-59997",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-59997"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59997",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59997"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:09:04.920000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw"
    },
    {
      "cve": "CVE-2026-59998",
      "cwe": {
        "id": "CWE-909",
        "name": "Missing Initialization of Resource"
      },
      "discovery_date": "2026-07-08T01:01:30.478799+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497935"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server is in a Windows Active Directory environment. This could lead to unintended information disclosure and impact data integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-59998"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497935",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497935"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-59998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-59998"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59998",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59998"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:11:05.183000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory"
    },
    {
      "cve": "CVE-2026-59999",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2026-07-08T01:01:55.619428+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497942"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in `sshd`, the OpenSSH server daemon. When `DisableForwarding=yes` is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over `PermitTunnel=yes`. This allows a remote attacker to bypass intended security restrictions and establish a tunnel, potentially leading to unauthorized network access or circumvention of security policies, even when forwarding is explicitly disabled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-59999"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497942",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497942"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-59999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-59999"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59999",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59999"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:13:08.397000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options"
    },
    {
      "cve": "CVE-2026-60000",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "discovery_date": "2026-07-08T01:02:09.730221+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH\u0027s Secure Shell Daemon (sshd). This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using GSSAPIAuthentication, leading to resource exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-60000"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-60000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-60000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-60000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60000"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:14:31.230000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Denial of Service via excessive GSSAPI authentication attempts"
    },
    {
      "cve": "CVE-2026-60001",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "discovery_date": "2026-07-08T01:01:40.680574+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497938"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH\u0027s SSH daemon (sshd). A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attacker to guess valid credentials, potentially leading to unauthorized access or a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-60001"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497938",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497938"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-60001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-60001"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-60001",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60001"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:16:15.497000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay"
    },
    {
      "cve": "CVE-2026-60002",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-07-08T01:01:33.808610+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2497936"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Important flaw in OpenSSH client could allow a malicious SSH server to execute arbitrary code on the connecting client due to a use-after-free vulnerability during host key re-exchange. While requiring a connection to a specially crafted server, the potential for high impact on client confidentiality and integrity elevates the severity beyond Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:openssh-main@aarch64",
          "Red Hat Hardened Images:openssh-main@src",
          "Red Hat Hardened Images:openssh-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-60002"
        },
        {
          "category": "external",
          "summary": "RHBZ#2497936",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2497936"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-60002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-60002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-60002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60002"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.org/releasenotes.html#10.4p1",
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2026/07/06/5",
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        }
      ],
      "release_date": "2026-07-08T00:17:33.058000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:40:15+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37382"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, OpenSSH clients should only connect to trusted SSH servers. Enforcing strict host key checking and carefully managing `known_hosts` files can help prevent connections to servers with unexpected or altered host keys, thereby reducing exposure to this client-side vulnerability.",
          "product_ids": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:openssh-main@aarch64",
            "Red Hat Hardened Images:openssh-main@src",
            "Red Hat Hardened Images:openssh-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…