Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
Typedeb
Namespacedebian
Nameopenssh
Version1:9.2p1-2+deb12u7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1:9.2p1-2+deb12u9
Latest_non_vulnerable_version1:10.3p1-1
Affected_by_vulnerabilities
0
url VCID-792n-jkzj-qqhd
vulnerability_id VCID-792n-jkzj-qqhd
summary In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35385
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.1055
published_at 2026-04-07T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10687
published_at 2026-04-04T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11582
published_at 2026-04-18T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11716
published_at 2026-04-08T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11771
published_at 2026-04-09T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.11782
published_at 2026-04-11T12:55:00Z
6
value 0.00039
scoring_system epss
scoring_elements 0.11743
published_at 2026-04-12T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11718
published_at 2026-04-13T12:55:00Z
8
value 0.00039
scoring_system epss
scoring_elements 0.1158
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35385
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572
reference_id 1132572
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454469
reference_id 2454469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454469
6
reference_url https://www.openwall.com/lists/oss-security/2026/04/02/3
reference_id 3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/
url https://www.openwall.com/lists/oss-security/2026/04/02/3
7
reference_url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
reference_id ?l=openssh-unix-dev&m=177513443901484&w=2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/
url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
8
reference_url https://www.openssh.org/releasenotes.html#10.3p1
reference_id releasenotes.html#10.3p1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/
url https://www.openssh.org/releasenotes.html#10.3p1
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
2
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
3
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
4
url pkg:deb/debian/openssh@1:10.3p1-1
purl pkg:deb/debian/openssh@1:10.3p1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1
aliases CVE-2026-35385
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-792n-jkzj-qqhd
1
url VCID-8efr-budq-6bb6
vulnerability_id VCID-8efr-budq-6bb6
summary OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35414
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03583
published_at 2026-04-07T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03573
published_at 2026-04-04T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04506
published_at 2026-04-09T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04491
published_at 2026-04-08T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05159
published_at 2026-04-18T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.0524
published_at 2026-04-11T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05224
published_at 2026-04-12T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05211
published_at 2026-04-13T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05157
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35414
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576
reference_id 1132576
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454490
reference_id 2454490
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454490
6
reference_url https://www.openwall.com/lists/oss-security/2026/04/02/3
reference_id 3
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/
url https://www.openwall.com/lists/oss-security/2026/04/02/3
7
reference_url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
reference_id ?l=openssh-unix-dev&m=177513443901484&w=2
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/
url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
8
reference_url https://www.openssh.org/releasenotes.html#10.3p1
reference_id releasenotes.html#10.3p1
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/
url https://www.openssh.org/releasenotes.html#10.3p1
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
2
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
3
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
4
url pkg:deb/debian/openssh@1:10.3p1-1
purl pkg:deb/debian/openssh@1:10.3p1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1
aliases CVE-2026-35414
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8efr-budq-6bb6
2
url VCID-a4eq-r71a-buhm
vulnerability_id VCID-a4eq-r71a-buhm
summary In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35386
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00508
published_at 2026-04-07T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.0051
published_at 2026-04-04T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00661
published_at 2026-04-18T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00678
published_at 2026-04-08T12:55:00Z
4
value 8e-05
scoring_system epss
scoring_elements 0.0067
published_at 2026-04-11T12:55:00Z
5
value 8e-05
scoring_system epss
scoring_elements 0.00663
published_at 2026-04-12T12:55:00Z
6
value 8e-05
scoring_system epss
scoring_elements 0.00664
published_at 2026-04-13T12:55:00Z
7
value 8e-05
scoring_system epss
scoring_elements 0.00656
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35386
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573
reference_id 1132573
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454506
reference_id 2454506
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454506
6
reference_url https://www.openwall.com/lists/oss-security/2026/04/02/3
reference_id 3
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/
url https://www.openwall.com/lists/oss-security/2026/04/02/3
7
reference_url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
reference_id ?l=openssh-unix-dev&m=177513443901484&w=2
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/
url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
8
reference_url https://www.openssh.org/releasenotes.html#10.3p1
reference_id releasenotes.html#10.3p1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/
url https://www.openssh.org/releasenotes.html#10.3p1
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
2
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
3
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
4
url pkg:deb/debian/openssh@1:10.3p1-1
purl pkg:deb/debian/openssh@1:10.3p1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1
aliases CVE-2026-35386
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4eq-r71a-buhm
3
url VCID-a7m6-uqbt-nqd9
vulnerability_id VCID-a7m6-uqbt-nqd9
summary openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61985
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03681
published_at 2026-04-02T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03634
published_at 2026-04-18T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03694
published_at 2026-04-11T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03706
published_at 2026-04-07T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.0371
published_at 2026-04-08T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03732
published_at 2026-04-09T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03671
published_at 2026-04-12T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03644
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03622
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61985
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.openwall.com/lists/oss-security/2025/10/06/1
reference_id 1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://www.openwall.com/lists/oss-security/2025/10/06/1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530
reference_id 1117530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401962
reference_id 2401962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401962
7
reference_url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
reference_id ?l=openssh-unix-dev&m=175974522032149&w=2
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
8
reference_url https://www.openssh.com/releasenotes.html#10.1p1
reference_id releasenotes.html#10.1p1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://www.openssh.com/releasenotes.html#10.1p1
9
reference_url https://access.redhat.com/errata/RHSA-2025:23479
reference_id RHSA-2025:23479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23479
10
reference_url https://access.redhat.com/errata/RHSA-2025:23480
reference_id RHSA-2025:23480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23480
11
reference_url https://access.redhat.com/errata/RHSA-2025:23481
reference_id RHSA-2025:23481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23481
12
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
13
reference_url https://access.redhat.com/errata/RHSA-2026:0685
reference_id RHSA-2026:0685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0685
14
reference_url https://access.redhat.com/errata/RHSA-2026:0693
reference_id RHSA-2026:0693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0693
15
reference_url https://access.redhat.com/errata/RHSA-2026:0976
reference_id RHSA-2026:0976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0976
16
reference_url https://access.redhat.com/errata/RHSA-2026:1652
reference_id RHSA-2026:1652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1652
17
reference_url https://access.redhat.com/errata/RHSA-2026:1678
reference_id RHSA-2026:1678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1678
18
reference_url https://access.redhat.com/errata/RHSA-2026:1790
reference_id RHSA-2026:1790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1790
19
reference_url https://access.redhat.com/errata/RHSA-2026:1815
reference_id RHSA-2026:1815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1815
20
reference_url https://access.redhat.com/errata/RHSA-2026:1858
reference_id RHSA-2026:1858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1858
21
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
22
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
aliases CVE-2025-61985
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m6-uqbt-nqd9
4
url VCID-ajmg-5kgx-k7h5
vulnerability_id VCID-ajmg-5kgx-k7h5
summary openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3497
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09146
published_at 2026-04-02T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09198
published_at 2026-04-04T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09123
published_at 2026-04-07T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09203
published_at 2026-04-12T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09232
published_at 2026-04-09T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09235
published_at 2026-04-11T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10136
published_at 2026-04-18T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10288
published_at 2026-04-13T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10161
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3497
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595
reference_id 1130595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447085
reference_id 2447085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447085
6
reference_url https://www.openwall.com/lists/oss-security/2026/03/12/3
reference_id 3
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/
url https://www.openwall.com/lists/oss-security/2026/03/12/3
7
reference_url https://ubuntu.com/security/CVE-2026-3497
reference_id CVE-2026-3497
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/
url https://ubuntu.com/security/CVE-2026-3497
8
reference_url https://access.redhat.com/errata/RHSA-2026:6461
reference_id RHSA-2026:6461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6461
9
reference_url https://access.redhat.com/errata/RHSA-2026:6462
reference_id RHSA-2026:6462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6462
10
reference_url https://access.redhat.com/errata/RHSA-2026:6463
reference_id RHSA-2026:6463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6463
11
reference_url https://access.redhat.com/errata/RHSA-2026:7107
reference_id RHSA-2026:7107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7107
12
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
13
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
2
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
3
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
aliases CVE-2026-3497
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajmg-5kgx-k7h5
5
url VCID-bnrq-2fsr-mfgd
vulnerability_id VCID-bnrq-2fsr-mfgd
summary OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json
reference_id
reference_type
scores
0
value 2.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35388
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01324
published_at 2026-04-07T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01312
published_at 2026-04-04T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01597
published_at 2026-04-18T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01612
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01619
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-11T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01595
published_at 2026-04-12T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01594
published_at 2026-04-13T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01583
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35388
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575
reference_id 1132575
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454500
reference_id 2454500
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454500
6
reference_url https://www.openwall.com/lists/oss-security/2026/04/02/3
reference_id 3
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/
url https://www.openwall.com/lists/oss-security/2026/04/02/3
7
reference_url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
reference_id ?l=openssh-unix-dev&m=177513443901484&w=2
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/
url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
8
reference_url https://www.openssh.org/releasenotes.html#10.3p1
reference_id releasenotes.html#10.3p1
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/
url https://www.openssh.org/releasenotes.html#10.3p1
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
2
url pkg:deb/debian/openssh@1:10.3p1-1
purl pkg:deb/debian/openssh@1:10.3p1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1
aliases CVE-2026-35388
risk_score 1.1
exploitability 0.5
weighted_severity 2.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnrq-2fsr-mfgd
6
url VCID-kgn5-p8kx-qucj
vulnerability_id VCID-kgn5-p8kx-qucj
summary OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35387
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07582
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07559
published_at 2026-04-07T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08638
published_at 2026-04-13T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08673
published_at 2026-04-11T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08676
published_at 2026-04-09T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08651
published_at 2026-04-12T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08515
published_at 2026-04-18T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08528
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35387
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574
reference_id 1132574
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454494
reference_id 2454494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454494
6
reference_url https://www.openwall.com/lists/oss-security/2026/04/02/3
reference_id 3
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/
url https://www.openwall.com/lists/oss-security/2026/04/02/3
7
reference_url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
reference_id ?l=openssh-unix-dev&m=177513443901484&w=2
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/
url https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
8
reference_url https://www.openssh.org/releasenotes.html#10.3p1
reference_id releasenotes.html#10.3p1
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/
url https://www.openssh.org/releasenotes.html#10.3p1
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
2
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
3
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
4
url pkg:deb/debian/openssh@1:10.3p1-1
purl pkg:deb/debian/openssh@1:10.3p1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1
aliases CVE-2026-35387
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgn5-p8kx-qucj
7
url VCID-wga4-sqwk-4bfj
vulnerability_id VCID-wga4-sqwk-4bfj
summary openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61984
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01186
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01197
published_at 2026-04-18T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01193
published_at 2026-04-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01201
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01208
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01211
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01198
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01195
published_at 2026-04-13T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01184
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61984
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.openwall.com/lists/oss-security/2025/10/06/1
reference_id 1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://www.openwall.com/lists/oss-security/2025/10/06/1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529
reference_id 1117529
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401960
reference_id 2401960
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401960
7
reference_url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
reference_id ?l=openssh-unix-dev&m=175974522032149&w=2
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
8
reference_url https://www.openssh.com/releasenotes.html#10.1p1
reference_id releasenotes.html#10.1p1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://www.openssh.com/releasenotes.html#10.1p1
9
reference_url https://access.redhat.com/errata/RHSA-2025:23479
reference_id RHSA-2025:23479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23479
10
reference_url https://access.redhat.com/errata/RHSA-2025:23480
reference_id RHSA-2025:23480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23480
11
reference_url https://access.redhat.com/errata/RHSA-2025:23481
reference_id RHSA-2025:23481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23481
12
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
13
reference_url https://access.redhat.com/errata/RHSA-2026:0685
reference_id RHSA-2026:0685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0685
14
reference_url https://access.redhat.com/errata/RHSA-2026:0693
reference_id RHSA-2026:0693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0693
15
reference_url https://access.redhat.com/errata/RHSA-2026:0976
reference_id RHSA-2026:0976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0976
16
reference_url https://access.redhat.com/errata/RHSA-2026:1652
reference_id RHSA-2026:1652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1652
17
reference_url https://access.redhat.com/errata/RHSA-2026:1678
reference_id RHSA-2026:1678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1678
18
reference_url https://access.redhat.com/errata/RHSA-2026:1790
reference_id RHSA-2026:1790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1790
19
reference_url https://access.redhat.com/errata/RHSA-2026:1815
reference_id RHSA-2026:1815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1815
20
reference_url https://access.redhat.com/errata/RHSA-2026:1858
reference_id RHSA-2026:1858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1858
21
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
22
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
aliases CVE-2025-61984
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wga4-sqwk-4bfj
Fixing_vulnerabilities
0
url VCID-a7m6-uqbt-nqd9
vulnerability_id VCID-a7m6-uqbt-nqd9
summary openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61985
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03681
published_at 2026-04-02T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03634
published_at 2026-04-18T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03694
published_at 2026-04-11T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03706
published_at 2026-04-07T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.0371
published_at 2026-04-08T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03732
published_at 2026-04-09T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03671
published_at 2026-04-12T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03644
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03622
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61985
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.openwall.com/lists/oss-security/2025/10/06/1
reference_id 1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://www.openwall.com/lists/oss-security/2025/10/06/1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530
reference_id 1117530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401962
reference_id 2401962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401962
7
reference_url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
reference_id ?l=openssh-unix-dev&m=175974522032149&w=2
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
8
reference_url https://www.openssh.com/releasenotes.html#10.1p1
reference_id releasenotes.html#10.1p1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/
url https://www.openssh.com/releasenotes.html#10.1p1
9
reference_url https://access.redhat.com/errata/RHSA-2025:23479
reference_id RHSA-2025:23479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23479
10
reference_url https://access.redhat.com/errata/RHSA-2025:23480
reference_id RHSA-2025:23480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23480
11
reference_url https://access.redhat.com/errata/RHSA-2025:23481
reference_id RHSA-2025:23481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23481
12
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
13
reference_url https://access.redhat.com/errata/RHSA-2026:0685
reference_id RHSA-2026:0685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0685
14
reference_url https://access.redhat.com/errata/RHSA-2026:0693
reference_id RHSA-2026:0693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0693
15
reference_url https://access.redhat.com/errata/RHSA-2026:0976
reference_id RHSA-2026:0976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0976
16
reference_url https://access.redhat.com/errata/RHSA-2026:1652
reference_id RHSA-2026:1652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1652
17
reference_url https://access.redhat.com/errata/RHSA-2026:1678
reference_id RHSA-2026:1678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1678
18
reference_url https://access.redhat.com/errata/RHSA-2026:1790
reference_id RHSA-2026:1790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1790
19
reference_url https://access.redhat.com/errata/RHSA-2026:1815
reference_id RHSA-2026:1815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1815
20
reference_url https://access.redhat.com/errata/RHSA-2026:1858
reference_id RHSA-2026:1858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1858
21
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
22
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
2
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
aliases CVE-2025-61985
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7m6-uqbt-nqd9
1
url VCID-ajmg-5kgx-k7h5
vulnerability_id VCID-ajmg-5kgx-k7h5
summary openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3497
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09146
published_at 2026-04-02T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09198
published_at 2026-04-04T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09123
published_at 2026-04-07T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09203
published_at 2026-04-12T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09232
published_at 2026-04-09T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09235
published_at 2026-04-11T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.10136
published_at 2026-04-18T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10288
published_at 2026-04-13T12:55:00Z
8
value 0.00035
scoring_system epss
scoring_elements 0.10161
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3497
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595
reference_id 1130595
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447085
reference_id 2447085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447085
6
reference_url https://www.openwall.com/lists/oss-security/2026/03/12/3
reference_id 3
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/
url https://www.openwall.com/lists/oss-security/2026/03/12/3
7
reference_url https://ubuntu.com/security/CVE-2026-3497
reference_id CVE-2026-3497
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/
url https://ubuntu.com/security/CVE-2026-3497
8
reference_url https://access.redhat.com/errata/RHSA-2026:6461
reference_id RHSA-2026:6461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6461
9
reference_url https://access.redhat.com/errata/RHSA-2026:6462
reference_id RHSA-2026:6462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6462
10
reference_url https://access.redhat.com/errata/RHSA-2026:6463
reference_id RHSA-2026:6463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6463
11
reference_url https://access.redhat.com/errata/RHSA-2026:7107
reference_id RHSA-2026:7107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7107
12
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
13
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
2
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
3
url pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
purl pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u2
4
url pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
purl pkg:deb/debian/openssh@1:10.2p1-2~bpo13%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-2~bpo13%252B1
aliases CVE-2026-3497
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajmg-5kgx-k7h5
2
url VCID-b4uc-yh56-muej
vulnerability_id VCID-b4uc-yh56-muej
summary openssh: possible bypass of fido 2 devices and ssh-askpass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36368.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36368.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36368
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60245
published_at 2026-04-01T12:55:00Z
1
value 0.00395
scoring_system epss
scoring_elements 0.60322
published_at 2026-04-02T12:55:00Z
2
value 0.00395
scoring_system epss
scoring_elements 0.60348
published_at 2026-04-04T12:55:00Z
3
value 0.00395
scoring_system epss
scoring_elements 0.60317
published_at 2026-04-07T12:55:00Z
4
value 0.00395
scoring_system epss
scoring_elements 0.60366
published_at 2026-04-08T12:55:00Z
5
value 0.00395
scoring_system epss
scoring_elements 0.60381
published_at 2026-04-09T12:55:00Z
6
value 0.00532
scoring_system epss
scoring_elements 0.67331
published_at 2026-04-18T12:55:00Z
7
value 0.00532
scoring_system epss
scoring_elements 0.67333
published_at 2026-04-11T12:55:00Z
8
value 0.00532
scoring_system epss
scoring_elements 0.67319
published_at 2026-04-16T12:55:00Z
9
value 0.00532
scoring_system epss
scoring_elements 0.67284
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36368
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36368
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36368
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2086690
reference_id 2086690
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2086690
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
aliases CVE-2021-36368
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4uc-yh56-muej
3
url VCID-ha8v-pqwf-r3a1
vulnerability_id VCID-ha8v-pqwf-r3a1
summary Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26465
reference_id
reference_type
scores
0
value 0.73605
scoring_system epss
scoring_elements 0.98804
published_at 2026-04-09T12:55:00Z
1
value 0.73605
scoring_system epss
scoring_elements 0.98814
published_at 2026-04-18T12:55:00Z
2
value 0.73605
scoring_system epss
scoring_elements 0.98809
published_at 2026-04-13T12:55:00Z
3
value 0.73605
scoring_system epss
scoring_elements 0.98808
published_at 2026-04-12T12:55:00Z
4
value 0.73605
scoring_system epss
scoring_elements 0.98807
published_at 2026-04-11T12:55:00Z
5
value 0.73605
scoring_system epss
scoring_elements 0.98813
published_at 2026-04-16T12:55:00Z
6
value 0.73977
scoring_system epss
scoring_elements 0.98818
published_at 2026-04-04T12:55:00Z
7
value 0.73977
scoring_system epss
scoring_elements 0.98815
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26465
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://seclists.org/oss-sec/2025/q1/144
reference_id 144
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://seclists.org/oss-sec/2025/q1/144
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2344780
reference_id 2344780
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2344780
6
reference_url https://access.redhat.com/solutions/7109879
reference_id 7109879
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/solutions/7109879
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9
reference_id cpe:/a:redhat:discovery:1.14::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id cpe:/a:redhat:openshift:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
18
reference_url https://access.redhat.com/security/cve/CVE-2025-26465
reference_id CVE-2025-26465
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/security/cve/CVE-2025-26465
19
reference_url https://security.gentoo.org/glsa/202502-01
reference_id GLSA-202502-01
reference_type
scores
url https://security.gentoo.org/glsa/202502-01
20
reference_url https://access.redhat.com/errata/RHSA-2025:16823
reference_id RHSA-2025:16823
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/errata/RHSA-2025:16823
21
reference_url https://access.redhat.com/errata/RHSA-2025:3837
reference_id RHSA-2025:3837
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/errata/RHSA-2025:3837
22
reference_url https://access.redhat.com/errata/RHSA-2025:6993
reference_id RHSA-2025:6993
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/errata/RHSA-2025:6993
23
reference_url https://access.redhat.com/errata/RHSA-2025:8385
reference_id RHSA-2025:8385
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/
url https://access.redhat.com/errata/RHSA-2025:8385
24
reference_url https://usn.ubuntu.com/7270-1/
reference_id USN-7270-1
reference_type
scores
url https://usn.ubuntu.com/7270-1/
25
reference_url https://usn.ubuntu.com/7270-2/
reference_id USN-7270-2
reference_type
scores
url https://usn.ubuntu.com/7270-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
aliases CVE-2025-26465
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha8v-pqwf-r3a1
4
url VCID-hse5-y15y-n3dw
vulnerability_id VCID-hse5-y15y-n3dw
summary openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32728
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50759
published_at 2026-04-02T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50842
published_at 2026-04-18T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50785
published_at 2026-04-04T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50741
published_at 2026-04-07T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50797
published_at 2026-04-13T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50794
published_at 2026-04-09T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50837
published_at 2026-04-11T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50813
published_at 2026-04-12T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50835
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32728
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
reference_id 013_ssh.patch.sig
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/
url https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig
5
reference_url https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
reference_id 041879.html
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/
url https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603
reference_id 1102603
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358767
reference_id 2358767
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2358767
8
reference_url https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
reference_id fc86875e6acb36401dfc1dfb6b628a9d1460f367
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/
url https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
9
reference_url https://www.openssh.com/txt/release-10.0
reference_id release-10.0
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/
url https://www.openssh.com/txt/release-10.0
10
reference_url https://www.openssh.com/txt/release-7.4
reference_id release-7.4
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/
url https://www.openssh.com/txt/release-7.4
11
reference_url https://access.redhat.com/errata/RHSA-2025:20126
reference_id RHSA-2025:20126
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20126
12
reference_url https://usn.ubuntu.com/7457-1/
reference_id USN-7457-1
reference_type
scores
url https://usn.ubuntu.com/7457-1/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
aliases CVE-2025-32728
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hse5-y15y-n3dw
5
url VCID-wga4-sqwk-4bfj
vulnerability_id VCID-wga4-sqwk-4bfj
summary openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61984
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01186
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01197
published_at 2026-04-18T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01193
published_at 2026-04-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01201
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01208
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01211
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01198
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01195
published_at 2026-04-13T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01184
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61984
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.openwall.com/lists/oss-security/2025/10/06/1
reference_id 1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://www.openwall.com/lists/oss-security/2025/10/06/1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529
reference_id 1117529
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401960
reference_id 2401960
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401960
7
reference_url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
reference_id ?l=openssh-unix-dev&m=175974522032149&w=2
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2
8
reference_url https://www.openssh.com/releasenotes.html#10.1p1
reference_id releasenotes.html#10.1p1
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/
url https://www.openssh.com/releasenotes.html#10.1p1
9
reference_url https://access.redhat.com/errata/RHSA-2025:23479
reference_id RHSA-2025:23479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23479
10
reference_url https://access.redhat.com/errata/RHSA-2025:23480
reference_id RHSA-2025:23480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23480
11
reference_url https://access.redhat.com/errata/RHSA-2025:23481
reference_id RHSA-2025:23481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23481
12
reference_url https://access.redhat.com/errata/RHSA-2026:0414
reference_id RHSA-2026:0414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0414
13
reference_url https://access.redhat.com/errata/RHSA-2026:0685
reference_id RHSA-2026:0685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0685
14
reference_url https://access.redhat.com/errata/RHSA-2026:0693
reference_id RHSA-2026:0693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0693
15
reference_url https://access.redhat.com/errata/RHSA-2026:0976
reference_id RHSA-2026:0976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0976
16
reference_url https://access.redhat.com/errata/RHSA-2026:1652
reference_id RHSA-2026:1652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1652
17
reference_url https://access.redhat.com/errata/RHSA-2026:1678
reference_id RHSA-2026:1678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1678
18
reference_url https://access.redhat.com/errata/RHSA-2026:1790
reference_id RHSA-2026:1790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1790
19
reference_url https://access.redhat.com/errata/RHSA-2026:1815
reference_id RHSA-2026:1815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1815
20
reference_url https://access.redhat.com/errata/RHSA-2026:1858
reference_id RHSA-2026:1858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1858
21
reference_url https://usn.ubuntu.com/8090-1/
reference_id USN-8090-1
reference_type
scores
url https://usn.ubuntu.com/8090-1/
22
reference_url https://usn.ubuntu.com/8090-2/
reference_id USN-8090-2
reference_type
scores
url https://usn.ubuntu.com/8090-2/
fixed_packages
0
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-792n-jkzj-qqhd
1
vulnerability VCID-8efr-budq-6bb6
2
vulnerability VCID-a4eq-r71a-buhm
3
vulnerability VCID-a7m6-uqbt-nqd9
4
vulnerability VCID-ajmg-5kgx-k7h5
5
vulnerability VCID-bnrq-2fsr-mfgd
6
vulnerability VCID-kgn5-p8kx-qucj
7
vulnerability VCID-wga4-sqwk-4bfj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7
1
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u8
2
url pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
purl pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u9
aliases CVE-2025-61984
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wga4-sqwk-4bfj
Risk_score3.7
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7