OPENSUSE-SU-2026:20038-1 Security update for wget2

This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.3.el7.AXS7 (AXSA:2025-10789:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10789:04 advisory. CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory...

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

SUSE CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...

VulnCheck KEV: CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

EulerOS 2.0 SP2 : openssh (EulerOS-SA-2020-1657)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target...

Google Chrome Security Update (stable-channel-update-for-desktop-2020-06) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Stable Channel Update for Desktop

The stable channel has been updated to 83.0.4103.97 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictio...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1419)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openssh: Missing character encoding in progress display allows for spoofing of scp client output

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

Amazon Linux AMI : openssh (ALAS-2019-1313)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...

Amazon Linux 2 : openssh (ALAS-2019-1216)

An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented. A...

Updated openssh packages fix security vulnerabilities

Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...

EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1355)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or...

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1324)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...

Debian DLA-1728-1 : openssh security update

Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer. CVE-2018-20685 In scp.c, the scp client allowed remote SSH servers to bypass intended access restrictions via the filename of . or an empty...

DEBIAN-CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...