Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1604)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1604 advisory. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and...

openssh: scp allows command injection when using backtick characters in the destination argument

A flaw was found in the scp program shipped with the openssh-clients package. An attacker having the ability to scp files to a remote server, could execute arbitrary commands on the remote server by including the command as a part of the filename being copied on the server. This command is run wi...

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2024-570)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-570 advisory. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example,...

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2023-462)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-462 advisory. AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applie...

K04305530: SCP vulnerability CVE-2020-15778

Security Advisory Description scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers"...

virt-v2v security, bug fix, and enhancement update

2.0.7-6.0.1 - Replaced bugzilla.oracle.com references Orabug: 34202300 - replaced upstream references Orabug:34089586 1:2.0.7-6 - Install qemu-ga package during conversion resolves: rhbz2028764 1:2.0.7-5 - Remove LVM2 devices file during conversion resolves: rhbz2112801 - Add support for Zstandar...

openSUSE: Security Advisory for git (openSUSE-SU-2021:2555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:2555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2039)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Mitigation This issue only affects the user...

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Mitigation This issue only affects the users of scp binary which...

[SECURITY] Fedora 24 Update: openssh-7.2p2-13.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

OracleVM 2.2 : openssh (OVMSA-2016-0033)

The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 John Haxby %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory...

[SECURITY] Fedora 22 Update: openssh-6.9p1-10.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Vulnerabilities of the Red Hat Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the openssh-clients-3.1p1 package of the Red Hat Linux operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the openssh-clients-4.3p2 package for the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality and integrity of protected information

The multiple vulnerabilities in the openssh-clients-5.3p1 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of the confidentiality and integrity of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the openssh-clients-3.9p1 package of the Red Hat Enterprise Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the openssh-clients-2.9p2 package of the Red Hat Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...