Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openssh vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2016-10010
sshd in OpenSSH prior to 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
Openbsd Openssh
1 EDB exploit
5.5
CVSSv3
CVE-2016-10011
authfile.c in sshd in OpenSSH prior to 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
Openbsd Openssh
NA
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and previous versions with PAM support enabled immediately sends an error message when a user does not exist, which allows remote malicious users to determine valid usernames via a timing attack.
Openbsd Openssh
Openbsd Openssh 3.6.1
Openpkg Openpkg 1.3
Openpkg Openpkg 1.2
Siemens Scalance X204rna Ecc Firmware
Siemens Scalance X204rna Firmware
3 EDB exploits
7.5
CVSSv3
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirec...
Openbsd Openssh 8.2
NA
CVE-2000-0999
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow malicious users to gain root privileges.
Openbsd Openssh 4.5
NA
CVE-2000-1169
OpenSSH SSH client prior to 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Openbsd Openssh 2.2
NA
CVE-2001-1585
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote malicious users to...
Openbsd Openssh 2.3.1
NA
CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote malicious users to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as d...
Openbsd Openssh 4.1
1 EDB exploit
NA
CVE-1999-1010
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
Openbsd Openssh 1.2.27
1 Github repository
NA
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Openbsd Openssh 4.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »