Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openssh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and previous versions allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Openbsd Openssh 6.4
Openbsd Openssh 6.3
Openbsd Openssh 6.5
Openbsd Openssh 6.2
Openbsd Openssh 6.1
Openbsd Openssh 6.0
Openbsd Openssh
NA
CVE-2008-1657
OpenSSH 4.4 up to versions prior to 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Openbsd Openssh 4.4
Openbsd Openssh 4.4p1
Openbsd Openssh 4.5
Openbsd Openssh 4.6
Openbsd Openssh 4.7
Openbsd Openssh 4.8
1 Github repository
7.5
CVSSv3
CVE-2016-8858
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x up to and including 7.3 allows remote malicious users to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not cons...
Openbsd Openssh 6.9
Openbsd Openssh 7.3
Openbsd Openssh 7.1
Openbsd Openssh 7.2
Openbsd Openssh 6.8
Openbsd Openssh 7.0
5.3
CVSSv3
CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c in OpenSSH prior to 7.1p2 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Openbsd Openssh 6.9
Openbsd Openssh 6.8
Openbsd Openssh 7.0
Openbsd Openssh 7.1
4.9
CVSSv3
CVE-2014-2532
sshd in OpenSSH prior to 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote malicious users to bypass intended environment restrictions by using a substring located before a wildcard character.
Oracle Communications User Data Repository 10.0.1
Openbsd Openssh
Openbsd Openssh 6.4
Openbsd Openssh 6.1
Openbsd Openssh 6.0
Openbsd Openssh 6.3
Openbsd Openssh 6.2
NA
CVE-2000-0525
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
Openbsd Openssh 1.2.3
Openbsd Openssh 2.1
Openbsd Openssh 1.2
NA
CVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote malicious user to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Openbsd Openssh 1.2.3
Ssh Ssh
Openbsd Openssh 2.1
Openbsd Openssh 2.1.1
NA
CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote malicious users to gue...
Openbsd Openssh 3.5
Openbsd Openssh 3.5p1
NA
CVE-2015-6565
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
Openbsd Openssh 6.9
Openbsd Openssh 6.8
1 EDB exploit
NA
CVE-2009-2904
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroo...
Openbsd Openssh 4.3
Openbsd Openssh 4.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »