rpm package
opensuse/openssh&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.6
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61985 | Low | 3.6 | < 9.6p1-150600.6.34.1 | 9.6p1-150600.6.34.1 | Oct 6, 2025 | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | |
| CVE-2025-61984 | Low | 3.6 | < 9.6p1-150600.6.34.1 | 9.6p1-150600.6.34.1 | Oct 6, 2025 | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file | |
| CVE-2025-32728 | — | < 9.6p1-150600.6.26.1 | 9.6p1-150600.6.26.1 | Apr 10, 2025 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. | ||
| CVE-2025-26466 | — | < 9.6p1-150600.6.15.2 | 9.6p1-150600.6.15.2 | Feb 28, 2025 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack | ||
| CVE-2025-26465 | Med | 6.8 | < 9.6p1-150600.6.15.2 | 9.6p1-150600.6.15.2 | Feb 18, 2025 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying | |
| CVE-2024-39894 | Hig | 7.5 | < 9.6p1-150600.6.6.1 | 9.6p1-150600.6.6.1 | Jul 2, 2024 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. | |
| CVE-2024-6387 | Hig | 8.1 | < 9.6p1-150600.6.3.1 | 9.6p1-150600.6.3.1 | Jul 1, 2024 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time pe | |
| CVE-2023-51385 | Med | 6.5 | < 9.6p1-150600.6.6.1 | 9.6p1-150600.6.6.1 | Dec 18, 2023 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in |
- affected < 9.6p1-150600.6.34.1fixed 9.6p1-150600.6.34.1
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
- affected < 9.6p1-150600.6.34.1fixed 9.6p1-150600.6.34.1
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file
- CVE-2025-32728Apr 10, 2025affected < 9.6p1-150600.6.26.1fixed 9.6p1-150600.6.26.1
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
- CVE-2025-26466Feb 28, 2025affected < 9.6p1-150600.6.15.2fixed 9.6p1-150600.6.15.2
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack
- affected < 9.6p1-150600.6.15.2fixed 9.6p1-150600.6.15.2
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying
- affected < 9.6p1-150600.6.6.1fixed 9.6p1-150600.6.6.1
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
- affected < 9.6p1-150600.6.3.1fixed 9.6p1-150600.6.3.1
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time pe
- affected < 9.6p1-150600.6.6.1fixed 9.6p1-150600.6.6.1
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in