libssh (SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS package libssh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2019-14889 — CVSS 8.8 (high): A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects…
CVE-2023-1667 — CVSS 6.5 (medium): A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to…
CVE-2021-3634 — CVSS 6.5 (medium): A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the…
CVE-2023-2283 — CVSS 6.5 (medium): A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signatur…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2020-1730 — CVSS 5.3 (medium): A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The…
CVE-2023-6004 — CVSS 4.8 (medium): A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client…
CVE-2023-6918 — CVSS 3.7 (low): A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto…