rpm package
opensuse/openssh&distro=openSUSE Leap Micro 5.4
pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%20Micro%205.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-51385 | Med | 6.5 | < 8.4p1-150300.3.30.1 | 8.4p1-150300.3.30.1 | Dec 18, 2023 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in | |
| CVE-2023-48795 | Med | 5.9 | < 8.4p1-150300.3.27.1 | 8.4p1-150300.3.27.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
- affected < 8.4p1-150300.3.30.1fixed 8.4p1-150300.3.30.1
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in
- affected < 8.4p1-150300.3.27.1fixed 8.4p1-150300.3.27.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end