rpm package
suse/openssh-askpass-gnome&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-51385 | Med | 6.5 | < 7.2p2-81.12.1 | 7.2p2-81.12.1 | Dec 18, 2023 | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in | |
| CVE-2023-48795 | Med | 5.9 | < 7.2p2-81.8.1 | 7.2p2-81.8.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-38408 | — | < 7.2p2-81.4.2 | 7.2p2-81.4.2 | Jul 20, 2023 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this is | ||
| CVE-2021-41617 | Hig | 7.0 | < 7.2p2-78.13.1 | 7.2p2-78.13.1 | Sep 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges | |
| CVE-2020-14145 | — | < 7.2p2-78.10.1 | 7.2p2-78.10.1 | Jun 29, 2020 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NO |
- affected < 7.2p2-81.12.1fixed 7.2p2-81.12.1
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in
- affected < 7.2p2-81.8.1fixed 7.2p2-81.8.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-38408Jul 20, 2023affected < 7.2p2-81.4.2fixed 7.2p2-81.4.2
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this is
- affected < 7.2p2-78.13.1fixed 7.2p2-78.13.1
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges
- CVE-2020-14145Jun 29, 2020affected < 7.2p2-78.10.1fixed 7.2p2-78.10.1
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NO