Vulnerabilities (CVE)

Vendor filter

Openbsd Subscribe

Product filter

Openssh Subscribe

Filter

99 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-4925 1 Openbsd 1 Openssh 2018-10-17 5.0
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
CVE-2006-4924 1 Openbsd 1 Openssh 2018-10-17 7.8
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation...
CVE-2007-4752 1 Openbsd 1 Openssh 2018-10-15 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2007-4654 3 Teamf1, Cisco, Openbsd 3 Openssh, Webns, Sshield 2018-10-15 5.0
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash)...
CVE-2008-5161 2 Ssh, Openbsd 5 Openssh, Tectia Connectsecure, Tectia Server and 2 more 2018-10-11 2.6
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4;...
CVE-2008-1657 1 Openbsd 1 Openssh 2018-10-11 6.5
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1483 1 Openbsd 1 Openssh 2018-10-11 6.9
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4)...
CVE-2016-8858 1 Openbsd 1 Openssh 2018-09-19 7.8
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that...
CVE-2016-6515 2 Openbsd, Fedoraproject 2 Openssh, Fedora 2018-09-11 7.8
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2016-3115 2 Openbsd, Oracle 2 Openssh, Vm Server 2018-09-11 5.5
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2)...
CVE-2016-1908 1 Openbsd 1 Openssh 2018-09-11 7.5
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11...
CVE-2016-10012 1 Openbsd 1 Openssh 2018-09-11 7.2
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a...
CVE-2016-10011 1 Openbsd 1 Openssh 2018-09-11 2.1
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10009 1 Openbsd 1 Openssh 2018-09-11 7.5
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVE-2015-6564 1 Openbsd 1 Openssh 2018-09-11 6.9
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early...
CVE-2015-6563 2 Apple, Openbsd 2 Openssh, Mac Os X 2018-09-11 1.9
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in...
CVE-2015-5600 1 Openbsd 1 Openssh 2018-09-11 8.5
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct...
CVE-2014-2532 2 Openbsd, Oracle 2 Openssh, Communications User Data Repository 2018-07-19 5.8
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
CVE-2015-8325 3 Debian, Openbsd, Canonical 5 Debian Linux, Ubuntu Core, Openssh and 2 more 2018-06-30 7.2
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a...
CVE-2016-10010 1 Openbsd 1 Openssh 2018-06-01 6.9
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.