Vulnerabilities (CVE)

Vendor filter

Openbsd Subscribe

Product filter

Openssh Subscribe

Filter

34 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16905 1 Openbsd 1 Openssh 2019-10-16 7.5
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and remote code...
CVE-2006-5794 1 Openbsd 1 Openssh 2018-10-17 7.5
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is...
CVE-2006-4924 1 Openbsd 1 Openssh 2018-10-17 7.8
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation...
CVE-2007-4752 1 Openbsd 1 Openssh 2018-10-15 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2016-8858 1 Openbsd 1 Openssh 2018-09-19 7.8
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that...
CVE-2016-6515 2 Openbsd, Fedoraproject 2 Openssh, Fedora 2018-09-11 7.8
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2016-1908 1 Openbsd 1 Openssh 2018-09-11 7.5
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11...
CVE-2016-10009 1 Openbsd 1 Openssh 2018-09-11 7.5
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2015-5600 1 Openbsd 1 Openssh 2018-09-11 8.5
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct...
CVE-2003-0695 1 Openbsd 1 Openssh 2018-05-03 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a...
CVE-2003-0693 1 Openbsd 1 Openssh 2018-05-03 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability...
CVE-2003-0682 1 Openbsd 1 Openssh 2018-05-03 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
CVE-2001-1380 1 Openbsd 1 Openssh 2018-05-03 7.5
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP...
CVE-2001-0144 2 Ssh, Openbsd 2 Openssh, Ssh 2018-05-03 10.0
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVE-2006-5051 1 Openbsd 1 Openssh 2017-10-11 9.3
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2003-0386 1 Openbsd 1 Openssh 2017-10-11 7.5
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose...
CVE-2001-0816 1 Openbsd 1 Openssh 2017-10-10 7.5
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
CVE-2000-1169 1 Openbsd 1 Openssh 2017-10-10 7.5
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
CVE-2000-0525 1 Openbsd 1 Openssh 2017-10-10 10.0
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVE-2010-4478 1 Openbsd 1 Openssh 2017-09-19 7.5
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by...