Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openssh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Openbsd Openssh
NA
CVE-2001-1380
OpenSSH prior to 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote malicious users to login from unauthorized IP addresses.
Openbsd Openssh
9.8
CVSSv3
CVE-2002-0639
Integer overflow in sshd in OpenSSH 2.9.9 up to and including 3.3 allows remote malicious users to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Openbsd Openssh
NA
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and previous versions with PAM support enabled immediately sends an error message when a user does not exist, which allows remote malicious users to determine valid usernames via a timing attack.
Openbsd Openssh
Openbsd Openssh 3.6.1
Openpkg Openpkg 1.3
Openpkg Openpkg 1.2
Siemens Scalance X204rna Ecc Firmware
Siemens Scalance X204rna Firmware
3 EDB exploits
NA
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Openbsd Openssh 4.0
1 EDB exploit
NA
CVE-2006-4925
packet.c in ssh in OpenSSH allows remote malicious users to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
Openbsd Openssh 4.5
NA
CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote malicious users to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained f...
Openbsd Openssh 4.3p2
NA
CVE-2001-1585
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote malicious users to...
Openbsd Openssh 2.3.1
7.5
CVSSv3
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirec...
Openbsd Openssh 8.2
NA
CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac...
Openbsd Openssh 4.3p2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »