RockyLinux 10 : openssh (RLSA-2025:23479)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23479 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

RockyLinux 9 : openssh (RLSA-2025:23480)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

RLSA-2025:23479 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand...

openssh security update

An update is available for openssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux,...

openssh security update

An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

Cockpit 359 - RCE

Exploit Title: Cockpit 359 - RCE Date: 18-04-2026 Exploit Author: @intx0x80 Vendor Homepage: https://cockpit-project.org/ Software Link: https://github.com/cockpit-project/cockpit Version: 327-359 Tested on: Debain CVE : CVE-2026-4631 import base64 import argparse import requests import urllib3...

GO-2026-5009 Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

Astra Linux - уязвимость в openssh

In OpenSSH versions prior to 10.1, control characters in user names that originated from certain potentially untrusted sources could lead to code execution when ProxyCommand was used. The potentially untrusted sources include the command line and the %-sequence expansion from a configuration file...

Debian dla-4584 : openssh-client - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4584 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4584-1 [email protected]...

Astra Linux - уязвимость в libssh

A flaw was discovered in libssh. By using the ProxyCommand or ProxyJump feature, users can exploit unvalidated hostname syntax on the client side. This issue may allow an attacker to inject malicious code into the commands related to these features via the hostname parameter...

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

Mageia: Security Advisory (MGASA-2026-0059)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated openssh packages fix security vulnerabilities

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. CVE-2025-61984...

Unity Linux 20.1070a Security Update: openssh (UTSA-2026-006246)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006246 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2026-1586)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2026-1449)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand i...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-1614)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-1586)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...

Unity Linux 20.1070e Security Update: openssh (UTSA-2026-006162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006162 advisory. ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Tenable has extracted the...

USN-8090-2 openssh vulnerabilities

USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the...