Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-1483 (GCVE-0-2008-1483)
Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
VLAI?
EPSS
Summary
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
55 references
Date Public ?
2008-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1123",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"name": "http://support.attachmate.com/techdocs/2374.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2397",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1483",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-1483",
"date": "2026-05-22",
"epss": "0.00201",
"percentile": "0.42"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3640CCC9-EC4A-44A4-B747-7BAAAD3460C7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.\"}, {\"lang\": \"es\", \"value\": \"OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso est\\u00e1 escuchando en el puerto asociado, como se demostr\\u00f3 abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs.\"}]",
"id": "CVE-2008-1483",
"lastModified": "2024-11-21T00:44:38.780",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2008-03-24T23:44:00.000",
"references": "[{\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29522\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29537\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29554\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29626\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29676\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29683\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29686\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29721\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29735\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29873\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29939\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30086\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30230\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30249\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30347\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30361\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31531\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31882\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.attachmate.com/techdocs/2374.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1576\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:078\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/490054/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28444\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019707\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0994/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1123/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1124/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1448/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1526/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1624/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1630/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2396\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2584\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41438\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2397\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/597-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29537\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29686\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29735\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29873\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30086\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30230\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30347\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.attachmate.com/techdocs/2374.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/490054/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019707\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0994/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1123/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1124/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1448/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1526/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1624/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1630/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2396\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41438\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/597-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.\\n\\nThis issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html\\n\\nRed Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security\\nimpact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483\\n\", \"lastModified\": \"2010-03-19T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-1483\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-24T23:44:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.\"},{\"lang\":\"es\",\"value\":\"OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso est\u00e1 escuchando en el puerto asociado, como se demostr\u00f3 abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3640CCC9-EC4A-44A4-B747-7BAAAD3460C7\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29537\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29554\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29626\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29676\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29683\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29686\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29721\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29735\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29873\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29939\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30086\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30230\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30347\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30361\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31531\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.attachmate.com/techdocs/2374.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1576\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:078\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/490054/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28444\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019707\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0994/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1123/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1124/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1448/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1526/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1624/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1630/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2396\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2584\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41438\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2397\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/597-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29686\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29873\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30347\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.attachmate.com/techdocs/2374.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/490054/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-260A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0994/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1123/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1124/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1448/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1526/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1624/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1630/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/597-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.\\n\\nThis issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html\\n\\nRed Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security\\nimpact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483\\n\",\"lastModified\":\"2010-03-19T00:00:00\"}]}}"
}
}
CERTA-2008-AVI-165
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans OpenSSH permet à un utilisateur malveillant de porter atteinte à la confidentialité des données.
Description
Cette vulnérablité peut être exploitée par un utilisateur malintentionné, connecté au serveur SSH vulnérable, pour détourner l'affichage du serveur X déporté d'un autre utilisateur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSH 4.X.",
"product": {
"name": "N/A",
"vendor": {
"name": "OpenSSH",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nCette vuln\u00e9rablit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmalintentionn\u00e9, connect\u00e9 au serveur SSH vuln\u00e9rable, pour d\u00e9tourner\nl\u0027affichage du serveur X d\u00e9port\u00e9 d\u0027un autre utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKVA-2008:078 du 26 mars 2008 :",
"url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2008:078"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata42.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata43.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata41.html"
}
],
"reference": "CERTA-2008-AVI-165",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-28T00:00:00.000000"
},
{
"description": "Ajout de la r\u00e9f\u00e9rence \u00e0 OpenBSD.",
"revision_date": "2008-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans OpenSSH permet \u00e0 un utilisateur malveillant de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSH",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:078 du 26 mars 2008",
"url": null
}
]
}
CERTA-2008-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités affectent IBM AIX et permettent, en particulier, à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités affectent IBM AIX :
- un débordement de mémoire est possible dans une fonction d'impression et utilisable par un utilisateur malveillant pour exécuter du code arbitraire avec les droits d'administration du système ;
- un autre débordement de mémoire concerne le noyau et permet de provoquer une arrêt inopiné ou une exécution de code arbitraire à distance ;
- un débordement de mémoire est possible dans la fonction errpt et permet à un utilisateur malveillant d'exécuter du code arbitraire avec les droits d'administration du système ;
- deux vulnérabilités concernent OpenSSH et permettent à un utilisateur malveillant de contourner la politique de sécurité ;
- le service FTP peut révéler des données sensibles à un utilisateur malveillant sans nécessiter l'authentification de ce dernier ;
- une erreur de gestion des variables d'environnement dans iostat est exploitable par un utilisateur malveillant local pour exécuter du code arbitraire avec les droits d'administration du système.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM AIX, version 5.2, 5.3 et 6.1.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cSPAN class=\"textit\"\u003eIBM AIX\u003c/SPAN\u003e, version 5.2, 5.3 et 6.1.",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent IBM AIX :\n\n- un d\u00e9bordement de m\u00e9moire est possible dans une fonction\n d\u0027impression et utilisable par un utilisateur malveillant pour\n ex\u00e9cuter du code arbitraire avec les droits d\u0027administration du\n syst\u00e8me ;\n- un autre d\u00e9bordement de m\u00e9moire concerne le noyau et permet de\n provoquer une arr\u00eat inopin\u00e9 ou une ex\u00e9cution de code arbitraire \u00e0\n distance ;\n- un d\u00e9bordement de m\u00e9moire est possible dans la fonction errpt et\n permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire\n avec les droits d\u0027administration du syst\u00e8me ;\n- deux vuln\u00e9rabilit\u00e9s concernent OpenSSH et permettent \u00e0 un\n utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9 ;\n- le service FTP peut r\u00e9v\u00e9ler des donn\u00e9es sensibles \u00e0 un utilisateur\n malveillant sans n\u00e9cessiter l\u0027authentification de ce dernier ;\n- une erreur de gestion des variables d\u0027environnement dans iostat est\n exploitable par un utilisateur malveillant local pour ex\u00e9cuter du\n code arbitraire avec les droits d\u0027administration du syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
},
{
"name": "CVE-1999-0201",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0201"
},
{
"name": "CVE-2007-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5764"
},
{
"name": "CVE-2008-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/unix_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 19 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/pioout_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc"
}
],
"reference": "CERTA-2008-AVI-267",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eIBM AIX\u003c/span\u003e\net permettent, en particulier, \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s d\u0027AIX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin IBM du 21 mai 2008",
"url": null
}
]
}
CERTA-2008-AVI-463
Vulnerability from certfr_avis - Published: - Updated:None
Description
De multiples vulnérabilités ont été corrigées dans Mac OS X. Celles-ci permettent notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X Server versions ant\u00e9rieures \u00e0 10.5.5.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X versions ant\u00e9rieures \u00e0 10.5.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Celles-ci\npermettent notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3608"
},
{
"name": "CVE-2008-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2376"
},
{
"name": "CVE-2008-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2332"
},
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
},
{
"name": "CVE-2008-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1835"
},
{
"name": "CVE-2008-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3618"
},
{
"name": "CVE-2008-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2331"
},
{
"name": "CVE-2008-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
},
{
"name": "CVE-2008-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3617"
},
{
"name": "CVE-2008-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1100"
},
{
"name": "CVE-2008-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2329"
},
{
"name": "CVE-2008-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3610"
},
{
"name": "CVE-2008-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3215"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2008-2713",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2713"
},
{
"name": "CVE-2008-3622",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3622"
},
{
"name": "CVE-2008-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
},
{
"name": "CVE-2008-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2305"
},
{
"name": "CVE-2008-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3619"
},
{
"name": "CVE-2008-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1387"
},
{
"name": "CVE-2008-2330",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2330"
},
{
"name": "CVE-2008-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2312"
},
{
"name": "CVE-2008-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3616"
},
{
"name": "CVE-2008-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1833"
},
{
"name": "CVE-2008-0314",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0314"
},
{
"name": "CVE-2008-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
},
{
"name": "CVE-2008-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1836"
},
{
"name": "CVE-2008-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3609"
},
{
"name": "CVE-2008-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3613"
},
{
"name": "CVE-2008-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3621"
},
{
"name": "CVE-2008-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1837"
},
{
"name": "CVE-2008-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3611"
},
{
"name": "CVE-2008-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3614"
}
],
"links": [],
"reference": "CERTA-2008-AVI-463",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOSX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-006",
"url": "http://support.apple.com/kb/HT3137"
}
]
}
CERTA-2008-AVI-165
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans OpenSSH permet à un utilisateur malveillant de porter atteinte à la confidentialité des données.
Description
Cette vulnérablité peut être exploitée par un utilisateur malintentionné, connecté au serveur SSH vulnérable, pour détourner l'affichage du serveur X déporté d'un autre utilisateur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSH 4.X.",
"product": {
"name": "N/A",
"vendor": {
"name": "OpenSSH",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nCette vuln\u00e9rablit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur\nmalintentionn\u00e9, connect\u00e9 au serveur SSH vuln\u00e9rable, pour d\u00e9tourner\nl\u0027affichage du serveur X d\u00e9port\u00e9 d\u0027un autre utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKVA-2008:078 du 26 mars 2008 :",
"url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2008:078"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata42.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata43.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 OpenBSD 4.1, 4.2 et 4.3 du 03 avril 2008 :",
"url": "http://www.openbsd.org/errata41.html"
}
],
"reference": "CERTA-2008-AVI-165",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-28T00:00:00.000000"
},
{
"description": "Ajout de la r\u00e9f\u00e9rence \u00e0 OpenBSD.",
"revision_date": "2008-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans OpenSSH permet \u00e0 un utilisateur malveillant de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSH",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:078 du 26 mars 2008",
"url": null
}
]
}
CERTA-2008-AVI-267
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités affectent IBM AIX et permettent, en particulier, à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Description
Plusieurs vulnérabilités affectent IBM AIX :
- un débordement de mémoire est possible dans une fonction d'impression et utilisable par un utilisateur malveillant pour exécuter du code arbitraire avec les droits d'administration du système ;
- un autre débordement de mémoire concerne le noyau et permet de provoquer une arrêt inopiné ou une exécution de code arbitraire à distance ;
- un débordement de mémoire est possible dans la fonction errpt et permet à un utilisateur malveillant d'exécuter du code arbitraire avec les droits d'administration du système ;
- deux vulnérabilités concernent OpenSSH et permettent à un utilisateur malveillant de contourner la politique de sécurité ;
- le service FTP peut révéler des données sensibles à un utilisateur malveillant sans nécessiter l'authentification de ce dernier ;
- une erreur de gestion des variables d'environnement dans iostat est exploitable par un utilisateur malveillant local pour exécuter du code arbitraire avec les droits d'administration du système.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM AIX, version 5.2, 5.3 et 6.1.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cSPAN class=\"textit\"\u003eIBM AIX\u003c/SPAN\u003e, version 5.2, 5.3 et 6.1.",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent IBM AIX :\n\n- un d\u00e9bordement de m\u00e9moire est possible dans une fonction\n d\u0027impression et utilisable par un utilisateur malveillant pour\n ex\u00e9cuter du code arbitraire avec les droits d\u0027administration du\n syst\u00e8me ;\n- un autre d\u00e9bordement de m\u00e9moire concerne le noyau et permet de\n provoquer une arr\u00eat inopin\u00e9 ou une ex\u00e9cution de code arbitraire \u00e0\n distance ;\n- un d\u00e9bordement de m\u00e9moire est possible dans la fonction errpt et\n permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire\n avec les droits d\u0027administration du syst\u00e8me ;\n- deux vuln\u00e9rabilit\u00e9s concernent OpenSSH et permettent \u00e0 un\n utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9 ;\n- le service FTP peut r\u00e9v\u00e9ler des donn\u00e9es sensibles \u00e0 un utilisateur\n malveillant sans n\u00e9cessiter l\u0027authentification de ce dernier ;\n- une erreur de gestion des variables d\u0027environnement dans iostat est\n exploitable par un utilisateur malveillant local pour ex\u00e9cuter du\n code arbitraire avec les droits d\u0027administration du syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
},
{
"name": "CVE-1999-0201",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0201"
},
{
"name": "CVE-2007-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5764"
},
{
"name": "CVE-2008-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/unix_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 19 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/pioout_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 21 mai 2008 :",
"url": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc"
}
],
"reference": "CERTA-2008-AVI-267",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eIBM AIX\u003c/span\u003e\net permettent, en particulier, \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s d\u0027AIX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin IBM du 21 mai 2008",
"url": null
}
]
}
CERTA-2008-AVI-463
Vulnerability from certfr_avis - Published: - Updated:None
Description
De multiples vulnérabilités ont été corrigées dans Mac OS X. Celles-ci permettent notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X Server versions ant\u00e9rieures \u00e0 10.5.5.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Mac OS X versions ant\u00e9rieures \u00e0 10.5.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Celles-ci\npermettent notamment \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3608"
},
{
"name": "CVE-2008-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2376"
},
{
"name": "CVE-2008-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2332"
},
{
"name": "CVE-2008-1483",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1483"
},
{
"name": "CVE-2008-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1835"
},
{
"name": "CVE-2008-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3618"
},
{
"name": "CVE-2008-2331",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2331"
},
{
"name": "CVE-2008-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
},
{
"name": "CVE-2008-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3617"
},
{
"name": "CVE-2008-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1100"
},
{
"name": "CVE-2008-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2329"
},
{
"name": "CVE-2008-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3610"
},
{
"name": "CVE-2008-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3215"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2008-2713",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2713"
},
{
"name": "CVE-2008-3622",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3622"
},
{
"name": "CVE-2008-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
},
{
"name": "CVE-2008-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2305"
},
{
"name": "CVE-2008-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3619"
},
{
"name": "CVE-2008-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1387"
},
{
"name": "CVE-2008-2330",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2330"
},
{
"name": "CVE-2008-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2312"
},
{
"name": "CVE-2008-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3616"
},
{
"name": "CVE-2008-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1833"
},
{
"name": "CVE-2008-0314",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0314"
},
{
"name": "CVE-2008-1657",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1657"
},
{
"name": "CVE-2008-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1836"
},
{
"name": "CVE-2008-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3609"
},
{
"name": "CVE-2008-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3613"
},
{
"name": "CVE-2008-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3621"
},
{
"name": "CVE-2008-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1837"
},
{
"name": "CVE-2008-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3611"
},
{
"name": "CVE-2008-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3614"
}
],
"links": [],
"reference": "CERTA-2008-AVI-463",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOSX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-006",
"url": "http://support.apple.com/kb/HT3137"
}
]
}
FKIE_CVE-2008-1483
Vulnerability from fkie_nvd - Published: 2008-03-24 23:44 - Updated: 2026-04-23 00:35
Severity ?
Summary
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
},
{
"lang": "es",
"value": "OpenSSH 4.3p2 y probablemente otras versiones, permite a usuarios locales secuestrar conexiones X enviadas provocando que ssh ponga DISPLAY a :10, incluso cuando otro proceso est\u00e1 escuchando en el puerto asociado, como se demostr\u00f3 abriendo el puerto TCp 6010 (IPv4) y escaneando una cookie enviada por Emacs."
}
],
"id": "CVE-2008-1483",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-24T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29522"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29537"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29554"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29626"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29676"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29686"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29721"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29873"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30086"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30230"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30347"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/597-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/597-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.\n\nThis issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html\n\nRed Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security\nimpact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483\n",
"lastModified": "2010-03-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-M4XR-866G-83X6
Vulnerability from github – Published: 2022-05-03 03:19 – Updated: 2022-05-03 03:19
VLAI?
Details
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
{
"affected": [],
"aliases": [
"CVE-2008-1483"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-03-24T23:44:00Z",
"severity": "MODERATE"
},
"details": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",
"id": "GHSA-m4xr-866g-83x6",
"modified": "2022-05-03T03:19:15Z",
"published": "2022-05-03T03:19:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1483"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/597-1"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29522"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29537"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29554"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29626"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29676"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29683"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29686"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29721"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29735"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29873"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29939"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30086"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30230"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30249"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30347"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/30361"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31531"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31882"
},
{
"type": "WEB",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"type": "WEB",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"type": "WEB",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"type": "WEB",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"type": "WEB",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2584"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2008-1483
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-1483",
"description": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",
"id": "GSD-2008-1483",
"references": [
"https://www.suse.com/security/cve/CVE-2008-1483.html",
"https://access.redhat.com/errata/RHSA-2005:527"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-1483"
],
"details": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",
"id": "GSD-2008-1483",
"modified": "2023-12-13T01:23:03.315910Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"name": "http://support.attachmate.com/techdocs/2374.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "DSA-1576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "29554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29554"
},
{
"name": "ADV-2008-1526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "ADV-2008-1630",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"refsource": "MLIST",
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29686"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31531"
},
{
"name": "SSA:2008-095-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "HPSBUX02337",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "USN-597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "1019235",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2397",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "ADV-2008-1624",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "30249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30249"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "29735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29735"
},
{
"name": "29683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29683"
},
{
"name": "30361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30361"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "SUSE-SR:2008:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "SSRT080072",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "29721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29721"
},
{
"name": "ADV-2008-2396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "29522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29522"
},
{
"name": "30086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30086"
},
{
"name": "29939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29939"
},
{
"name": "30347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30347"
},
{
"name": "oval:org.mitre.oval:def:6085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "ADV-2008-0994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "1019707",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "237444",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "MDVSA-2008:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "29676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29873"
},
{
"name": "29537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29537"
},
{
"name": "29626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29626"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "ADV-2008-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "NetBSD-SA2008-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "30230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30230"
},
{
"name": "28444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "GLSA-200804-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "FreeBSD-SA-08:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "ADV-2008-1124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1483"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120",
"refsource": "CONFIRM",
"tags": [],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0120"
},
{
"name": "https://issues.rpath.com/browse/RPL-2397",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-2397"
},
{
"name": "29522",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29522"
},
{
"name": "29537",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29537"
},
{
"name": "MDVSA-2008:078",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:078"
},
{
"name": "28444",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/28444"
},
{
"name": "1019707",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1019707"
},
{
"name": "29554",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29554"
},
{
"name": "29626",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29626"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227",
"refsource": "CONFIRM",
"tags": [],
"url": "http://sourceforge.net/project/shownotes.php?release_id=590180\u0026group_id=69227"
},
{
"name": "GLSA-200804-03",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml"
},
{
"name": "SSA:2008-095-01",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.540188"
},
{
"name": "SUSE-SR:2008:009",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html"
},
{
"name": "29676",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29676"
},
{
"name": "29683",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29683"
},
{
"name": "29686",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29686"
},
{
"name": "29735",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29735"
},
{
"name": "[security-announce] 20080403 Globus Security Advisory 2008-01: GSI-OpenSSH vulnerability",
"refsource": "MLIST",
"tags": [],
"url": "http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html"
},
{
"name": "29721",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29721"
},
{
"name": "FreeBSD-SA-08:05",
"refsource": "FREEBSD",
"tags": [],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm"
},
{
"name": "DSA-1576",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name": "NetBSD-SA2008-005",
"refsource": "NETBSD",
"tags": [],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc"
},
{
"name": "29939",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29939"
},
{
"name": "29873",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29873"
},
{
"name": "30249",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30249"
},
{
"name": "30361",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30361"
},
{
"name": "30230",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30230"
},
{
"name": "http://support.attachmate.com/techdocs/2374.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.attachmate.com/techdocs/2374.html"
},
{
"name": "31531",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31531"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31882",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "30086",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30086"
},
{
"name": "237444",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1"
},
{
"name": "HPSBUX02337",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841"
},
{
"name": "30347",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/30347"
},
{
"name": "ADV-2008-1630",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1630/references"
},
{
"name": "1019235",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1"
},
{
"name": "ADV-2008-1123",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1123/references"
},
{
"name": "ADV-2008-1526",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1526/references"
},
{
"name": "ADV-2008-0994",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0994/references"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "ADV-2008-1624",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1624/references"
},
{
"name": "ADV-2008-2396",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/2396"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc",
"refsource": "CONFIRM",
"tags": [],
"url": "http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc"
},
{
"name": "ADV-2008-1124",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1124/references"
},
{
"name": "ADV-2008-1448",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/1448/references"
},
{
"name": "20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability",
"refsource": "CISCO",
"tags": [],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483"
},
{
"name": "openssh-sshd-session-hijacking(41438)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41438"
},
{
"name": "oval:org.mitre.oval:def:6085",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6085"
},
{
"name": "USN-597-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/597-1/"
},
{
"name": "20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/490054/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-11T20:35Z",
"publishedDate": "2008-03-24T23:44Z"
}
}
}
OPENSUSE-SU-2024:11124-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
openssh-8.4p1-7.4 on GA media
Severity
Moderate
Notes
Title of the patch: openssh-8.4p1-7.4 on GA media
Description of the patch: These are all security issues fixed in the openssh-8.4p1-7.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11124
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.6 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.6 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
90 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "openssh-8.4p1-7.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the openssh-8.4p1-7.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11124",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11124-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-0225 page",
"url": "https://www.suse.com/security/cve/CVE-2006-0225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4752 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1483 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10009 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10010 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10011 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10012 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8858 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20685 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6109 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6110 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6111 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6111/"
}
],
"title": "openssh-8.4p1-7.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11124-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openssh-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-8.4p1-7.4.aarch64",
"product_id": "openssh-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-cavs-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-cavs-8.4p1-7.4.aarch64",
"product_id": "openssh-cavs-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-clients-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-clients-8.4p1-7.4.aarch64",
"product_id": "openssh-clients-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-common-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-common-8.4p1-7.4.aarch64",
"product_id": "openssh-common-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-fips-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-fips-8.4p1-7.4.aarch64",
"product_id": "openssh-fips-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-helpers-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-helpers-8.4p1-7.4.aarch64",
"product_id": "openssh-helpers-8.4p1-7.4.aarch64"
}
},
{
"category": "product_version",
"name": "openssh-server-8.4p1-7.4.aarch64",
"product": {
"name": "openssh-server-8.4p1-7.4.aarch64",
"product_id": "openssh-server-8.4p1-7.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-8.4p1-7.4.ppc64le",
"product_id": "openssh-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-cavs-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-cavs-8.4p1-7.4.ppc64le",
"product_id": "openssh-cavs-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-clients-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-clients-8.4p1-7.4.ppc64le",
"product_id": "openssh-clients-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-common-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-common-8.4p1-7.4.ppc64le",
"product_id": "openssh-common-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-fips-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-fips-8.4p1-7.4.ppc64le",
"product_id": "openssh-fips-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-helpers-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-helpers-8.4p1-7.4.ppc64le",
"product_id": "openssh-helpers-8.4p1-7.4.ppc64le"
}
},
{
"category": "product_version",
"name": "openssh-server-8.4p1-7.4.ppc64le",
"product": {
"name": "openssh-server-8.4p1-7.4.ppc64le",
"product_id": "openssh-server-8.4p1-7.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-8.4p1-7.4.s390x",
"product": {
"name": "openssh-8.4p1-7.4.s390x",
"product_id": "openssh-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-cavs-8.4p1-7.4.s390x",
"product": {
"name": "openssh-cavs-8.4p1-7.4.s390x",
"product_id": "openssh-cavs-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-clients-8.4p1-7.4.s390x",
"product": {
"name": "openssh-clients-8.4p1-7.4.s390x",
"product_id": "openssh-clients-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-common-8.4p1-7.4.s390x",
"product": {
"name": "openssh-common-8.4p1-7.4.s390x",
"product_id": "openssh-common-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-fips-8.4p1-7.4.s390x",
"product": {
"name": "openssh-fips-8.4p1-7.4.s390x",
"product_id": "openssh-fips-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-helpers-8.4p1-7.4.s390x",
"product": {
"name": "openssh-helpers-8.4p1-7.4.s390x",
"product_id": "openssh-helpers-8.4p1-7.4.s390x"
}
},
{
"category": "product_version",
"name": "openssh-server-8.4p1-7.4.s390x",
"product": {
"name": "openssh-server-8.4p1-7.4.s390x",
"product_id": "openssh-server-8.4p1-7.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openssh-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-8.4p1-7.4.x86_64",
"product_id": "openssh-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-cavs-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-cavs-8.4p1-7.4.x86_64",
"product_id": "openssh-cavs-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-clients-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-clients-8.4p1-7.4.x86_64",
"product_id": "openssh-clients-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-common-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-common-8.4p1-7.4.x86_64",
"product_id": "openssh-common-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-fips-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-fips-8.4p1-7.4.x86_64",
"product_id": "openssh-fips-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-helpers-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-helpers-8.4p1-7.4.x86_64",
"product_id": "openssh-helpers-8.4p1-7.4.x86_64"
}
},
{
"category": "product_version",
"name": "openssh-server-8.4p1-7.4.x86_64",
"product": {
"name": "openssh-server-8.4p1-7.4.x86_64",
"product_id": "openssh-server-8.4p1-7.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x"
},
"product_reference": "openssh-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-cavs-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-cavs-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-cavs-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-cavs-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-cavs-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x"
},
"product_reference": "openssh-cavs-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-cavs-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-cavs-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-clients-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-clients-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x"
},
"product_reference": "openssh-clients-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-clients-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-clients-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-common-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-common-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x"
},
"product_reference": "openssh-common-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-common-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-common-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-fips-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-fips-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x"
},
"product_reference": "openssh-fips-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-fips-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-fips-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-helpers-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-helpers-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-helpers-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-helpers-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-helpers-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x"
},
"product_reference": "openssh-helpers-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-helpers-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-helpers-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-8.4p1-7.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64"
},
"product_reference": "openssh-server-8.4p1-7.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-8.4p1-7.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le"
},
"product_reference": "openssh-server-8.4p1-7.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-8.4p1-7.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x"
},
"product_reference": "openssh-server-8.4p1-7.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssh-server-8.4p1-7.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
},
"product_reference": "openssh-server-8.4p1-7.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-0225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-0225"
}
],
"notes": [
{
"category": "general",
"text": "scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-0225",
"url": "https://www.suse.com/security/cve/CVE-2006-0225"
},
{
"category": "external",
"summary": "SUSE Bug 143435 for CVE-2006-0225",
"url": "https://bugzilla.suse.com/143435"
},
{
"category": "external",
"summary": "SUSE Bug 206456 for CVE-2006-0225",
"url": "https://bugzilla.suse.com/206456"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-0225"
},
{
"cve": "CVE-2007-4752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4752"
}
],
"notes": [
{
"category": "general",
"text": "ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4752",
"url": "https://www.suse.com/security/cve/CVE-2007-4752"
},
{
"category": "external",
"summary": "SUSE Bug 308521 for CVE-2007-4752",
"url": "https://bugzilla.suse.com/308521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-4752"
},
{
"cve": "CVE-2008-1483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1483"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1483",
"url": "https://www.suse.com/security/cve/CVE-2008-1483"
},
{
"category": "external",
"summary": "SUSE Bug 1069509 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/1069509"
},
{
"category": "external",
"summary": "SUSE Bug 373527 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/373527"
},
{
"category": "external",
"summary": "SUSE Bug 585630 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/585630"
},
{
"category": "external",
"summary": "SUSE Bug 647633 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/647633"
},
{
"category": "external",
"summary": "SUSE Bug 706386 for CVE-2008-1483",
"url": "https://bugzilla.suse.com/706386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-1483"
},
{
"cve": "CVE-2016-10009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10009"
}
],
"notes": [
{
"category": "general",
"text": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10009",
"url": "https://www.suse.com/security/cve/CVE-2016-10009"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016366 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1016366"
},
{
"category": "external",
"summary": "SUSE Bug 1016370 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "external",
"summary": "SUSE Bug 1026634 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1026634"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1138392"
},
{
"category": "external",
"summary": "SUSE Bug 1213504 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1213504"
},
{
"category": "external",
"summary": "SUSE Bug 1217035 for CVE-2016-10009",
"url": "https://bugzilla.suse.com/1217035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10009"
},
{
"cve": "CVE-2016-10010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10010"
}
],
"notes": [
{
"category": "general",
"text": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10010",
"url": "https://www.suse.com/security/cve/CVE-2016-10010"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10010",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016368 for CVE-2016-10010",
"url": "https://bugzilla.suse.com/1016368"
},
{
"category": "external",
"summary": "SUSE Bug 1021751 for CVE-2016-10010",
"url": "https://bugzilla.suse.com/1021751"
},
{
"category": "external",
"summary": "SUSE Bug 1196721 for CVE-2016-10010",
"url": "https://bugzilla.suse.com/1196721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-10010"
},
{
"cve": "CVE-2016-10011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10011"
}
],
"notes": [
{
"category": "general",
"text": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10011",
"url": "https://www.suse.com/security/cve/CVE-2016-10011"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016369 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1016369"
},
{
"category": "external",
"summary": "SUSE Bug 1016370 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "external",
"summary": "SUSE Bug 1017870 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1017870"
},
{
"category": "external",
"summary": "SUSE Bug 1026634 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1026634"
},
{
"category": "external",
"summary": "SUSE Bug 1029445 for CVE-2016-10011",
"url": "https://bugzilla.suse.com/1029445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-10011"
},
{
"cve": "CVE-2016-10012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10012"
}
],
"notes": [
{
"category": "general",
"text": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10012",
"url": "https://www.suse.com/security/cve/CVE-2016-10012"
},
{
"category": "external",
"summary": "SUSE Bug 1006166 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1006166"
},
{
"category": "external",
"summary": "SUSE Bug 1016336 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016336"
},
{
"category": "external",
"summary": "SUSE Bug 1016369 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016369"
},
{
"category": "external",
"summary": "SUSE Bug 1016370 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1016370"
},
{
"category": "external",
"summary": "SUSE Bug 1017870 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1017870"
},
{
"category": "external",
"summary": "SUSE Bug 1026634 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1026634"
},
{
"category": "external",
"summary": "SUSE Bug 1035742 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1035742"
},
{
"category": "external",
"summary": "SUSE Bug 1073044 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1073044"
},
{
"category": "external",
"summary": "SUSE Bug 1092582 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1092582"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2016-10012",
"url": "https://bugzilla.suse.com/1138392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-10012"
},
{
"cve": "CVE-2016-8858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8858"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8858",
"url": "https://www.suse.com/security/cve/CVE-2016-8858"
},
{
"category": "external",
"summary": "SUSE Bug 1005480 for CVE-2016-8858",
"url": "https://bugzilla.suse.com/1005480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-8858"
},
{
"cve": "CVE-2018-20685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20685"
}
],
"notes": [
{
"category": "general",
"text": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20685",
"url": "https://www.suse.com/security/cve/CVE-2018-20685"
},
{
"category": "external",
"summary": "SUSE Bug 1121571 for CVE-2018-20685",
"url": "https://bugzilla.suse.com/1121571"
},
{
"category": "external",
"summary": "SUSE Bug 1123220 for CVE-2018-20685",
"url": "https://bugzilla.suse.com/1123220"
},
{
"category": "external",
"summary": "SUSE Bug 1131109 for CVE-2018-20685",
"url": "https://bugzilla.suse.com/1131109"
},
{
"category": "external",
"summary": "SUSE Bug 1134932 for CVE-2018-20685",
"url": "https://bugzilla.suse.com/1134932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-20685"
},
{
"cve": "CVE-2019-6109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6109"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6109",
"url": "https://www.suse.com/security/cve/CVE-2019-6109"
},
{
"category": "external",
"summary": "SUSE Bug 1121571 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1121571"
},
{
"category": "external",
"summary": "SUSE Bug 1121816 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1121816"
},
{
"category": "external",
"summary": "SUSE Bug 1121818 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1121818"
},
{
"category": "external",
"summary": "SUSE Bug 1121821 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1121821"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1138392"
},
{
"category": "external",
"summary": "SUSE Bug 1144902 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1144902"
},
{
"category": "external",
"summary": "SUSE Bug 1144903 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1144903"
},
{
"category": "external",
"summary": "SUSE Bug 1148884 for CVE-2019-6109",
"url": "https://bugzilla.suse.com/1148884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6109"
},
{
"cve": "CVE-2019-6110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6110"
}
],
"notes": [
{
"category": "general",
"text": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6110",
"url": "https://www.suse.com/security/cve/CVE-2019-6110"
},
{
"category": "external",
"summary": "SUSE Bug 1121571 for CVE-2019-6110",
"url": "https://bugzilla.suse.com/1121571"
},
{
"category": "external",
"summary": "SUSE Bug 1121816 for CVE-2019-6110",
"url": "https://bugzilla.suse.com/1121816"
},
{
"category": "external",
"summary": "SUSE Bug 1121818 for CVE-2019-6110",
"url": "https://bugzilla.suse.com/1121818"
},
{
"category": "external",
"summary": "SUSE Bug 1121821 for CVE-2019-6110",
"url": "https://bugzilla.suse.com/1121821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6110"
},
{
"cve": "CVE-2019-6111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6111"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6111",
"url": "https://www.suse.com/security/cve/CVE-2019-6111"
},
{
"category": "external",
"summary": "SUSE Bug 1121571 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1121571"
},
{
"category": "external",
"summary": "SUSE Bug 1121816 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1121816"
},
{
"category": "external",
"summary": "SUSE Bug 1121818 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1121818"
},
{
"category": "external",
"summary": "SUSE Bug 1121821 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1121821"
},
{
"category": "external",
"summary": "SUSE Bug 1123028 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1123028"
},
{
"category": "external",
"summary": "SUSE Bug 1123220 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1123220"
},
{
"category": "external",
"summary": "SUSE Bug 1131109 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1131109"
},
{
"category": "external",
"summary": "SUSE Bug 1138392 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1138392"
},
{
"category": "external",
"summary": "SUSE Bug 1144902 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1144902"
},
{
"category": "external",
"summary": "SUSE Bug 1144903 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1144903"
},
{
"category": "external",
"summary": "SUSE Bug 1148884 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1148884"
},
{
"category": "external",
"summary": "SUSE Bug 1201840 for CVE-2019-6111",
"url": "https://bugzilla.suse.com/1201840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:openssh-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-cavs-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-clients-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-common-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-fips-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-helpers-8.4p1-7.4.x86_64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.aarch64",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.ppc64le",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.s390x",
"openSUSE Tumbleweed:openssh-server-8.4p1-7.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6111"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…