104 matches found
OpenSSH < 10.1 / 10.1p1 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a...
JLSEC-2025-8 ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to...
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
Linux Distros Unpatched Vulnerability : CVE-2025-61985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 Note th...
EUVD-2017-3020
Malware in sbrugna...
CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
ALPINE-CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
UBUNTU-CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
CVE-2025-61985
CVE-2025-61985 affects OpenSSH prior to 10.1. The flaw allows a null character ('\0') in an ssh:// URI to enable potential code execution when a ProxyCommand is used. Affected products/versions are OpenSSH before 10.1; the CVSS base score is 3.6 (LOW) with LOCAL access and high attack complexity ...
PT-2025-40940
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 10.1. Description: OpenSSH contains a flaw where the '\0' character within an ssh:// URI can be processed, potentially leading to code execution when a ProxyCommand is utilized. This occurs because the presence of a null...
CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
PT-2025-40939
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 10.1; Alma Linux (affected versions not specified); SUSE (affected versions not specified); IBM AIX (affected versions not specified); Fortinet FortiWeb (affected versions not specified). Description: OpenSSH before version 10.1...
CVE-2025-61984
CVE-2025-61984 affects OpenSSH before 10.1. It allows control characters in usernames originating from untrusted sources (command line or %-sequence expansion in a config file), potentially enabling code execution when a ProxyCommand is used. A config file that provides a complete literal usernam...
Linux Distros Unpatched Vulnerability : CVE-2021-3197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, ...
Linux Distros Unpatched Vulnerability : CVE-2023-37154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS. This has been...
Linux Distros Unpatched Vulnerability : CVE-2023-53158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered...
AZL-66020 CVE-2023-53158 affecting package rust for versions less than 1.72.0-8
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
UBUNTU-CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...