206 matches found
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
...
Linux Distros Unpatched Vulnerability : CVE-2025-61984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution...
SUSE CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
SUSE CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
Exploit for CVE-2025-61984
CVE-2025-61984 PoC This is a proof of concept using a newline...
OpenBSD OpenSSH < 10.1 Multiple Vulnerabilities
OpenBSD OpenSSH is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...
EUVD-2025-32589
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
EUVD-2025-32590
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
AZL-68228 CVE-2025-61985 affecting package openssh for versions less than 9.8p1-5
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
AZL-68231 CVE-2025-61984 affecting package openssh for versions less than 9.8p1-5
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
ALPINE-CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
AZL-68292 CVE-2025-61985 affecting package openssh for versions less than 8.9p1-9
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
UBUNTU-CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
Improper Neutralization of Null Byte or NUL Character
Overview Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character via the handling of URIs in ssh://. An attacker can inject shell expressions into command-line constructor by supplying URIs containing \0 characters. This is only exploitable if URI...
Improper Handling of Invalid Use of Special Elements
Overview Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements via the handling of usernames. An attacker can inject shell expressions into command-line constructor by supplying usernames containing control characters. This is only exploitable if...
CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
CVE-2025-61984
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...
CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
EUVD-2023-58271
Malicious code in bioql PyPI...