Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssh vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2008-3844
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious pac...
Openbsd Openssh
1.2
CVSSv2
CVE-2008-3259
OpenSSH prior to 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
Openbsd Openssh 1.2.3
Openbsd Openssh 1.3
Openbsd Openssh 2.3.1
Openbsd Openssh 2.5
Openbsd Openssh 2.9p2
Openbsd Openssh 3.0
Openbsd Openssh 3.1p1
Openbsd Openssh 3.2
Openbsd Openssh 3.5
Openbsd Openssh 3.5p1
Openbsd Openssh 3.7.1p1
Openbsd Openssh 3.7.1p2
Openbsd Openssh 4.0
Openbsd Openssh 4.0p1
Openbsd Openssh 4.4
Openbsd Openssh 4.4p1
Openbsd Openssh 1.5
Openbsd Openssh 1.5.7
Openbsd Openssh 2.5.1
Openbsd Openssh 2.5.2
Openbsd Openssh 3.0.1
Openbsd Openssh 3.0.1p1
1 Github repository
6.5
CVSSv2
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Openbsd Openssh 4.0
1 EDB exploit
5
CVSSv2
CVE-2008-2285
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote malicious users to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04
7.8
CVSSv2
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
25 Github repositories
6.5
CVSSv2
CVE-2008-1657
OpenSSH 4.4 up to versions prior to 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Openbsd Openssh 4.4
Openbsd Openssh 4.4p1
Openbsd Openssh 4.5
Openbsd Openssh 4.6
Openbsd Openssh 4.7
Openbsd Openssh 4.8
1 Github repository
6.9
CVSSv2
CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac...
Openbsd Openssh 4.3p2
8.5
CVSSv2
CVE-2007-6415
scponly 4.6 and previous versions allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
Debian Debian Linux 3.1
Debian Debian Linux 4.0
4.3
CVSSv2
CVE-2007-5715
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote malicious users to avoid detection and blocking when making invalid login attempts with a userna...
Denyhosts Denyhosts 2.6
4.3
CVSSv2
CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote malicious users to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained f...
Openbsd Openssh 4.3p2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »