Vulnerabilities (CVE)

Vendor filter

Openbsd Subscribe

Product filter

Openssh Subscribe


34 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-1692 1 Openbsd 1 Openssh 2017-08-29 7.5
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory...
CVE-2008-3844 1 Openbsd 1 Openssh 2017-08-08 9.3
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown...
CVE-2001-1459 1 Openbsd 1 Openssh 2017-07-11 7.5
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
CVE-2002-0640 1 Openbsd 1 Openssh 2016-10-18 10.0
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard...
CVE-2002-0639 1 Openbsd 1 Openssh 2016-10-18 10.0
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
CVE-2002-0575 1 Openbsd 1 Openssh 2016-10-18 7.5
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
CVE-2002-0083 9 Conectiva, Redhat, Suse and 6 more 11 Secure Linux, Mandrake Single Network Firewall, Mandrake Linux Corporate Server and 8 more 2016-10-18 10.0
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2003-0787 1 Openbsd 1 Openssh 2008-09-10 7.5
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
CVE-2003-0786 1 Openbsd 1 Openssh 2008-09-10 10.0
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
CVE-2002-0765 1 Openbsd 2 Openssh, Openbsd 2008-09-10 7.5
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
CVE-2001-1507 1 Openbsd 1 Openssh 2008-09-10 7.5
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
CVE-2001-0572 2 Ssh, Openbsd 2 Openssh, Ssh 2008-09-05 7.5
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which...
CVE-2000-0999 1 Openbsd 1 Openssh 2008-09-05 10.0
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
CVE-2003-1562 1 Openbsd 1 Openssh 2008-09-05 7.6
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to...