Vulnerabilities (CVE)

Vendor filter

Openbsd Subscribe

Product filter

Openssh Subscribe

Filter

99 total CVE
CVE Vendors Products Updated CVSS
CVE-2003-0695 1 Openbsd 1 Openssh 2018-05-03 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a...
CVE-2003-0693 1 Openbsd 1 Openssh 2018-05-03 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability...
CVE-2003-0682 1 Openbsd 1 Openssh 2018-05-03 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
CVE-2001-1380 1 Openbsd 1 Openssh 2018-05-03 7.5
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP...
CVE-2001-0872 3 Suse, Openbsd, Redhat 3 Suse Linux, Openssh, Linux 2018-05-03 7.2
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
CVE-2001-0361 2 Ssh, Openbsd 2 Openssh, Ssh 2018-05-03 4.0
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on...
CVE-2001-0144 2 Ssh, Openbsd 2 Openssh, Ssh 2018-05-03 10.0
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVE-2000-0992 2 Ssh, Openbsd 2 Openssh, Ssh 2018-05-03 5.0
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
CVE-2007-3102 1 Openbsd 1 Openssh 2017-10-11 4.3
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of...
CVE-2006-5051 1 Openbsd 1 Openssh 2017-10-11 9.3
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2005-2666 1 Openbsd 1 Openssh 2017-10-11 1.2
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to...
CVE-2004-0175 1 Openbsd 1 Openssh 2017-10-11 4.3
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
CVE-2003-0386 1 Openbsd 1 Openssh 2017-10-11 7.5
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose...
CVE-2003-0190 1 Openbsd 1 Openssh 2017-10-11 5.0
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2001-1029 2 Openbsd, Freebsd 2 Openssh, Freebsd 2017-10-10 2.1
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by...
CVE-2001-0816 1 Openbsd 1 Openssh 2017-10-10 7.5
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
CVE-2001-0529 1 Openbsd 1 Openssh 2017-10-10 7.2
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
CVE-2000-1169 1 Openbsd 1 Openssh 2017-10-10 7.5
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
CVE-2000-0525 1 Openbsd 1 Openssh 2017-10-10 10.0
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVE-2008-3234 1 Openbsd 1 Openssh 2017-09-29 6.5
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.