VYPR

rpm package

suse/apache-sshd&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Vulnerabilities (4)

  • CVE-2026-48827HigJun 1, 2026
    affected < 2.18.0-150200.5.11.1fixed 2.18.0-150200.5.11.1

    Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applicatio

  • CVE-2020-36843MedMar 13, 2025
    affected < 2.18.0-150200.5.11.1fixed 2.18.0-150200.5.11.1

    The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different fr

  • CVE-2023-48795MedDec 18, 2023
    affected < 2.12.0-150200.5.8.1fixed 2.12.0-150200.5.8.1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2022-45047CriNov 16, 2022
    affected < 2.12.0-150200.5.8.1fixed 2.12.0-150200.5.8.1

    Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for load