CLSA-2026-1774528630 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

CLSA-2026-1774528369 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.3.el7.AXS7 (AXSA:2025-10789:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10789:04 advisory. CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory...

PT-2026-20975

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description The software contains an issue related to improper sanitation of paths received from SCP servers. This could potentially lead to security consequences. Recommendations At the moment, there is ...

PT-2026-20977

Name of the Vulnerable Software and Affected Versions libssh-config versions prior to 0.11.4-1.1 Description A buffer underflow issue exists in the ssh get hexa function when processing invalid input. This can potentially lead to unexpected behavior or compromise the system. Recommendations Updat...

CLSA-2025-1754941200 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

K21350967: OpenSSH vulnerability CVE-2019-6111

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory...

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

K31781390: January 2019 OpenSSH security vulnerabilities

Security Advisory Description In January 2019, a security researcher announced the discovery of the following OpenSSH SCP client vulnerabilities: CVE-2018-20685 OpenSSH: Improper check in scp.c:sink allows malicious servers to bypass access restrictions in scp client CVE-2019-6109 OpenSSH: Missin...

OpenBSD OpenSSH <= 7.9 Multiple Vulnerabilities

OpenBSD OpenSSH is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2153)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : openssh (EulerOS-SA-2021-2153)

According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which...

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2019-6109 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in th...

EulerOS 2.0 SP2 : openssh (EulerOS-SA-2020-2376)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-2112)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : openssh (EulerOS-SA-2020-2112)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2020-1928)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

EulerOS 2.0 SP8 : openssh (EulerOS-SA-2020-1818)

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious...

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...