Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 9 : openssh (RHSA-2026:0976)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0976 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Azure Linux 3.0 Security Update: libssh (CVE-2023-6004)

The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6004 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked...

MiracleLinux 8 : libssh-0.9.6-14.el8 (AXSA:2024-8172:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8172:04 advisory. libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values fo...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code executi...

EulerOS 2.0 SP10 : openssh (EulerOS-SA-2026-1033)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is...

EulerOS 2.0 SP12 : openssh (EulerOS-SA-2026-1095)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2026-1095)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2026-1054)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 9 : openssh-8.7p1-47.el9_7.ML.1 (AXSA:2025-11563:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11563:07 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in...

CLSA-2026-1767955216 openssh: Fix of 2 CVEs

CVE-2025-61984: fix username handling by rejecting control characters from untrusted sources to prevent ProxyCommand code execution - CVE-2025-61985: disallowed NUL characters in ssh:// URI parsing to prevent ProxyCommand-based code execution...

CLSA-2026-1767954480 openssh: Fix of 2 CVEs

CVE-2025-61984: fix username handling by rejecting control characters from untrusted sources to prevent ProxyCommand code execution - CVE-2025-61985: disallowed NUL characters in ssh:// URI parsing to prevent ProxyCommand-based code execution...

CLSA-2026-1767627533 openssh: Fix of CVE-2025-61985

CVE-2025-61985: potential code execution using the ‘\0’ character in an ssh:// URI, when a ProxyCommand is used...

EulerOS Virtualization 2.13.0 : openssh (EulerOS-SA-2025-2612)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...

EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2025-2626)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...

Alibaba Cloud Linux 3 : 0198: openssh (ALINUX3-SA-2025:0198)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0198 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61984: ssh in OpenSSH before 10.1...

AlmaLinux 10 : openssh (ALSA-2025:23479)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23479 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

AlmaLinux 9 : openssh (ALSA-2025:23480)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh:// U...

AlmaLinux 8 : openssh (ALSA-2025:23481)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23481 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh:// U...