Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssh vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2002-0639
Integer overflow in sshd in OpenSSH 2.9.9 up to and including 3.3 allows remote malicious users to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Openbsd Openssh
NA
CVE-2023-51384
In ssh-agent in OpenSSH prior to 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multi...
Openbsd Openssh
1 Github repository
670
VMScore
CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH up to and including 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote malicious users to cause a denial of service (memory corruption) or have un...
Openbsd Openssh
570
VMScore
CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Openbsd Openssh
515
VMScore
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and previous versions with PAM support enabled immediately sends an error message when a user does not exist, which allows remote malicious users to determine valid usernames via a timing attack.
Openbsd Openssh
Openbsd Openssh 3.6.1
Openpkg Openpkg 1.3
Openpkg Openpkg 1.2
Siemens Scalance X204rna Ecc Firmware
Siemens Scalance X204rna Firmware
3 EDB exploits
668
VMScore
CVE-2000-1169
OpenSSH SSH client prior to 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Openbsd Openssh 2.2
445
VMScore
CVE-2006-4925
packet.c in ssh in OpenSSH allows remote malicious users to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
Openbsd Openssh 4.5
265
VMScore
CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote malicious users to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as d...
Openbsd Openssh 4.1
1 EDB exploit
655
VMScore
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Openbsd Openssh 4.0
1 EDB exploit
605
VMScore
CVE-2001-1585
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote malicious users to...
Openbsd Openssh 2.3.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »