Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-1380
OpenSSH prior to 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote malicious users to login from unauthorized IP addresses.
Openbsd Openssh
NA
CVE-2001-1382
The "echo simulation" traffic analysis countermeasure in OpenSSH prior to 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote malicious users to determine that the countermeasure is being used.
Openbsd Openssh
NA
CVE-2001-0816
OpenSSH prior to 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Openbsd Openssh
NA
CVE-2001-0529
OpenSSH version 2.9 and previous versions, with X forwarding enabled, allows a local malicious user to delete any file named 'cookies' via a symlink attack.
Openbsd Openssh
NA
CVE-2008-3844
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious pac...
Openbsd Openssh
NA
CVE-2006-5794
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH prior to 4.5 causes weaker verification that authentication has been successful, which might allow malicious users to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only ...
Openbsd Openssh
NA
CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH up to and including 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote malicious users to cause a denial of service (memory corruption) or have un...
Openbsd Openssh
9.8
CVSSv3
CVE-2002-0639
Integer overflow in sshd in OpenSSH 2.9.9 up to and including 3.3 allows remote malicious users to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Openbsd Openssh
NA
CVE-2004-1653
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Openbsd Openssh
5.5
CVSSv3
CVE-2023-51384
In ssh-agent in OpenSSH prior to 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multi...
Openbsd Openssh
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »