Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openssh vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-20012
OpenSSH up to and including 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be va...
Openbsd Openssh
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
4 Github repositories
4
CVSSv2
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Openbsd Openssh
Winscp Winscp
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Siemens Scalance X204rna Firmware
Siemens Scalance X204rna Eec Firmware
2 EDB exploits
1 Github repository
1 Article
NA
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address...
Openbsd Openssh 9.1
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp A250 Firmware -
Netapp 500f Firmware -
Netapp C250 Firmware -
10 Github repositories
5
CVSSv2
CVE-2000-0992
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
Ssh Ssh 1.2.14
Ssh Ssh 1.2.18
Ssh Ssh 1.2.19
Ssh Ssh 1.2.26
Ssh Ssh 1.2.27
Openbsd Openssh 1.2
Openbsd Openssh 1.2.3
Ssh Ssh 1.2.20
Ssh Ssh 1.2.21
Ssh Ssh 1.2.28
Ssh Ssh 1.2.29
Ssh Ssh 1.2.15
Ssh Ssh 1.2.22
Ssh Ssh 1.2.23
Ssh Ssh 1.2.30
Ssh Ssh 1.2.31
Ssh Ssh 1.2.16
Ssh Ssh 1.2.17
Ssh Ssh 1.2.24
Ssh Ssh 1.2.25
1 EDB exploit
7.5
CVSSv2
CVE-2001-0572
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote malicious user to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password gu...
Openbsd Openssh 4.5
Ssh Ssh 1.2.30
Ssh Ssh 1.2.25
Ssh Ssh 1.2.26
Ssh Ssh 1.2.27
Ssh Ssh 1.2.28
Ssh Ssh 1.2.29
Ssh Ssh 1.2.24
Ssh Ssh 1.2.31
7.2
CVSSv2
CVE-2001-0872
OpenSSH 3.0.1 and previous versions with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
Openbsd Openssh
Suse Suse Linux 6.4
Suse Suse Linux 7.0
Suse Suse Linux 7.1
Suse Suse Linux 7.2
Redhat Linux 7.0
Suse Suse Linux 7.3
Redhat Linux 7.1
Redhat Linux 7.2
4.6
CVSSv2
CVE-2021-28041
ssh-agent in OpenSSH prior to 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Openbsd Openssh
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Compute Node Firmware -
Netapp Hci Storage Node Firmware -
Oracle Zfs Storage Appliance 8.8
Oracle Communications Offline Mediation Controller 12.0.0.3.0
2 Github repositories
4.6
CVSSv2
CVE-2000-0143
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
Ssh Ssh 1.2.6
Ssh Ssh 1.2.0
Ssh Ssh 1.2.9
Ssh Ssh 1.2.21
Ssh Ssh 1.2.15
Ssh Ssh 1.2.4
Ssh Ssh 1.2.14
Ssh Ssh 1.2.19
Openbsd Openssh
Ssh Ssh 1.2.20
Openbsd Openssh 1.2
Ssh Ssh 1.2.18
Ssh Ssh 1.2.24
Ssh Ssh 1.2.8
Ssh Ssh 1.2.12
Ssh Ssh 1.2.3
Ssh Ssh 1.2.25
Ssh Ssh 1.2.7
Ssh Ssh 1.2.22
Ssh Ssh 1.2.1
Ssh Ssh 1.2.16
Ssh Ssh 1.2.26
4.4
CVSSv2
CVE-2021-41617
sshd in OpenSSH 6.2 up to and including 8.x prior to 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run w...
Openbsd Openssh
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Aff A250 Firmware -
Netapp Aff 500f Firmware -
Oracle Http Server 12.2.1.2.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Starwindsoftware Starwind Virtual San V8r13
5 Github repositories
5
CVSSv2
CVE-2018-15473
OpenSSH up to and including 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Openbsd Openssh
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Netapp Cn1610 Firmware -
Netapp Cloud Backup -
Netapp Data Ontap Edge -
Netapp Ontap Select Deploy -
Netapp Steelstore Cloud Integrated Storage -
Netapp Clustered Data Ontap -
Netapp Service Processor -
Netapp Data Ontap -
Netapp Fas Baseboard Management Controller -
Netapp Aff Baseboard Management Controller -
2 EDB exploits
70 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »