rpm package
suse/libssh&distro=SUSE Linux Enterprise Module for Basesystem 15 SP1
pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-1730 | — | < 0.8.7-10.12.1 | 0.8.7-10.12.1 | Apr 13, 2020 | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the con | ||
| CVE-2019-14889 | — | < 0.8.7-10.6.2 | 0.8.7-10.6.2 | Dec 10, 2019 | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where |
- CVE-2020-1730Apr 13, 2020affected < 0.8.7-10.12.1fixed 0.8.7-10.12.1
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the con
- CVE-2019-14889Dec 10, 2019affected < 0.8.7-10.6.2fixed 0.8.7-10.6.2
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where