rpm package
suse/apache-sshd&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
pkg:rpm/suse/apache-sshd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48827 | Hig | 7.1 | < 2.18.0-150200.5.11.1 | 2.18.0-150200.5.11.1 | Jun 1, 2026 | Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applicatio | |
| CVE-2020-36843 | Med | 4.3 | < 2.18.0-150200.5.11.1 | 2.18.0-150200.5.11.1 | Mar 13, 2025 | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different fr | |
| CVE-2023-48795 | Med | 5.9 | < 2.12.0-150200.5.8.1 | 2.12.0-150200.5.8.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2022-45047 | Cri | 9.8 | < 2.12.0-150200.5.8.1 | 2.12.0-150200.5.8.1 | Nov 16, 2022 | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for load |
- affected < 2.18.0-150200.5.11.1fixed 2.18.0-150200.5.11.1
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applicatio
- affected < 2.18.0-150200.5.11.1fixed 2.18.0-150200.5.11.1
The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different fr
- affected < 2.12.0-150200.5.8.1fixed 2.12.0-150200.5.8.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- affected < 2.12.0-150200.5.8.1fixed 2.12.0-150200.5.8.1
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for load