Medium: openssh
Issue Overview: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not...
Advisory ROSA-SA-2025-3074
Software: openssh 8.0p1; OS: ROSA Virtualization 2.1; unaffected versions = openssh-8.0p1-26.0.1.1.rv3; affected versions openssh-8.0p1-26.0.1.1.rv3; CVE-ID: CVE-2020-15778; BDU-ID: ; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool exis...
Medium: openssh
Issue Overview: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Affected Packages: openssh Issue Correction: Run dnf update openssh --releasever 2023.7.20250623 to update your...
Photon OS 3.0: Openssh PHSA-2025-3.0-0824
An update of the openssh package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-3.0-0824. The text itself is copyright (C) VMware, Inc.
Fedora 41 : openssh (2025-18cb3f852d)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-18cb3f852d advisory. Fix regression of Match directive processing. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Medium: openssh
Issue Overview: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in ...
SUSE: Security Advisory (SUSE-SU-2023:2950-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
SUSE-SU-2021:14870-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975)...
SUSE-SU-2021:3950-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975)...
SUSE-SU-2021:0022-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513)...
SUSE-SU-2018:2685-1 Security update for openssh
This update for openssh provides the following fixes: Security issues fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). - CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370). -...
Amazon Linux 2 : openssh (ALAS-2018-1042)
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. (CVE-2017-15906) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
SUSE-SU-2016:2555-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533) - CVE-2016-3115: Sanitise input for...