Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openssh vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote malicious users to gue...
Openbsd Openssh 3.5
Openbsd Openssh 3.5p1
5
CVSSv2
CVE-2011-0539
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote malicious users to obtain sensitive stack memory contents or mak...
Openbsd Openssh 5.6
Openbsd Openssh 5.7
6
CVSSv2
CVE-2013-4548
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restri...
Openbsd Openssh 6.3
Openbsd Openssh 6.2
7.2
CVSSv2
CVE-2015-6565
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
Openbsd Openssh 6.9
Openbsd Openssh 6.8
1 EDB exploit
5
CVSSv2
CVE-2004-2069
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remot...
Openbsd Openssh 3.6.1p2
Openbsd Openssh 3.7.1p2
7.5
CVSSv2
CVE-2001-1507
OpenSSH prior to 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote malicious users to login unchallenged.
Openbsd Openssh 3.0
Openbsd Openssh 3.0p1
10
CVSSv2
CVE-2001-0144
CORE SDI SSH1 CRC-32 compensation attack detector allows remote malicious users to execute arbitrary commands on an SSH server or client via an integer overflow.
Openbsd Openssh 1.2.2
Openbsd Openssh 1.2.3
Ssh Ssh 1.2.27
Ssh Ssh 1.2.28
Openbsd Openssh 2.2
Ssh Ssh 1.2.24
Ssh Ssh 1.2.31
Openbsd Openssh 2.1
Openbsd Openssh 2.1.1
Ssh Ssh 1.2.29
Ssh Ssh 1.2.30
Ssh Ssh 1.2.25
Ssh Ssh 1.2.26
2 EDB exploits
7.5
CVSSv2
CVE-2002-0765
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
Openbsd Openssh 3.2.2
Openbsd Openbsd 3.1
NA
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this ...
Openbsd Openssh
Openbsd Openssh 9.3
Fedoraproject Fedora 37
Fedoraproject Fedora 38
10 Github repositories
7.5
CVSSv2
CVE-2001-0816
OpenSSH prior to 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Openbsd Openssh
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »