Vulnerabilities (CVE)

Vendor filter

Openbsd Subscribe

Product filter

Openssh Subscribe

Filter

99 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-5107 1 Openbsd 1 Openssh 2017-09-19 5.0
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by...
CVE-2010-4478 1 Openbsd 1 Openssh 2017-09-19 7.5
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by...
CVE-2009-2904 1 Openbsd 1 Openssh 2017-09-19 6.9
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use...
CVE-2014-9278 1 Openbsd 1 Openssh 2017-09-08 4.0
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might...
CVE-2015-6565 1 Openbsd 1 Openssh 2017-09-02 7.2
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing...
CVE-2014-1692 1 Openbsd 1 Openssh 2017-08-29 7.5
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory...
CVE-2012-0814 1 Openbsd 1 Openssh 2017-08-29 3.5
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading...
CVE-2011-0539 1 Openbsd 1 Openssh 2017-08-17 5.0
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive...
CVE-2008-4109 1 Openbsd 1 Openssh 2017-08-08 5.0
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote...
CVE-2008-3844 1 Openbsd 1 Openssh 2017-08-08 9.3
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown...
CVE-2008-3259 1 Openbsd 1 Openssh 2017-08-08 1.2
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on...
CVE-2007-2243 1 Openbsd 1 Openssh 2017-07-29 5.0
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists,...
CVE-2001-1585 1 Openbsd 1 Openssh 2017-07-29 6.8
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key,...
CVE-2006-0883 2 Openbsd, Freebsd 2 Openssh, Freebsd 2017-07-20 5.0
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by...
CVE-2004-1653 1 Openbsd 1 Openssh 2017-07-11 6.4
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
CVE-2001-1459 1 Openbsd 1 Openssh 2017-07-11 7.5
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
CVE-2016-1907 1 Openbsd 1 Openssh 2017-02-17 5.0
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
CVE-2014-2653 1 Openbsd 1 Openssh 2017-01-07 5.8
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
CVE-2005-2797 1 Openbsd 1 Openssh 2016-12-08 5.0
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2002-0640 1 Openbsd 1 Openssh 2016-10-18 10.0
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard...