VYPR

rpm package

suse/openssh&distro=SUSE Linux Micro 6.0

pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Micro%206.0

Vulnerabilities (8)

  • CVE-2025-61985LowOct 6, 2025
    affected < 9.6p1-4.1fixed 9.6p1-4.1

    ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

  • CVE-2025-61984LowOct 6, 2025
    affected < 9.6p1-4.1fixed 9.6p1-4.1

    ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file

  • CVE-2025-26466Feb 28, 2025
    affected < 9.6p1-3.1fixed 9.6p1-3.1

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack

  • CVE-2025-26465MedFeb 18, 2025
    affected < 9.6p1-3.1fixed 9.6p1-3.1

    A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying

  • CVE-2024-39894HigJul 2, 2024
    affected < 9.6p1-2.1fixed 9.6p1-2.1

    OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

  • CVE-2024-6387HigJul 1, 2024
    affected < 9.6p1-2.1fixed 9.6p1-2.1

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time pe

  • CVE-2023-51385MedDec 18, 2023
    affected < 9.6p1-2.1fixed 9.6p1-2.1

    In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in

  • CVE-2023-48795MedDec 18, 2023
    affected < 9.6p1-2.1fixed 9.6p1-2.1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end