rpm package
suse/openssh-askpass-gnome&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41617 | Hig | 7.0 | < 6.6p1-36.26.1 | 6.6p1-36.26.1 | Sep 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges | |
| CVE-2019-6109 | Med | 6.8 | < 6.6p1-36.20.1 | 6.6p1-36.20.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being | |
| CVE-2019-6111 | — | < 6.6p1-36.20.1 | 6.6p1-36.20.1 | Jan 31, 2019 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att |
- affected < 6.6p1-36.26.1fixed 6.6p1-36.26.1
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges
- affected < 6.6p1-36.20.1fixed 6.6p1-36.20.1
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being
- CVE-2019-6111Jan 31, 2019affected < 6.6p1-36.20.1fixed 6.6p1-36.20.1
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal att