rpm package
suse/openssh&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35388 | Low | 2.5 | < 9.6p1-slfo.1.1_6.1 | 9.6p1-slfo.1.1_6.1 | Apr 2, 2026 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | |
| CVE-2026-3497 | Hig | 7.5 | < 9.6p1-slfo.1.1_6.1 | 9.6p1-slfo.1.1_6.1 | Mar 12, 2026 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does | |
| CVE-2025-61985 | Low | 3.6 | < 9.6p1-slfo.1.1_3.1 | 9.6p1-slfo.1.1_3.1 | Oct 6, 2025 | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | |
| CVE-2025-61984 | Low | 3.6 | < 9.6p1-slfo.1.1_3.1 | 9.6p1-slfo.1.1_3.1 | Oct 6, 2025 | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file | |
| CVE-2025-26466 | — | < 9.6p1-slfo.1.1_2.1 | 9.6p1-slfo.1.1_2.1 | Feb 28, 2025 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack | ||
| CVE-2025-26465 | Med | 6.8 | < 9.6p1-slfo.1.1_2.1 | 9.6p1-slfo.1.1_2.1 | Feb 18, 2025 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying |
- affected < 9.6p1-slfo.1.1_6.1fixed 9.6p1-slfo.1.1_6.1
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
- affected < 9.6p1-slfo.1.1_6.1fixed 9.6p1-slfo.1.1_6.1
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does
- affected < 9.6p1-slfo.1.1_3.1fixed 9.6p1-slfo.1.1_3.1
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
- affected < 9.6p1-slfo.1.1_3.1fixed 9.6p1-slfo.1.1_3.1
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file
- CVE-2025-26466Feb 28, 2025affected < 9.6p1-slfo.1.1_2.1fixed 9.6p1-slfo.1.1_2.1
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such pack
- affected < 9.6p1-slfo.1.1_2.1fixed 9.6p1-slfo.1.1_2.1
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying