Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openssh vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2007-6415
scponly 4.6 and previous versions allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
Debian Debian Linux 3.1
Debian Debian Linux 4.0
7.8
CVSSv2
CVE-2016-8858
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x up to and including 7.3 allows remote malicious users to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not cons...
Openbsd Openssh 6.9
Openbsd Openssh 7.3
Openbsd Openssh 7.1
Openbsd Openssh 7.2
Openbsd Openssh 6.8
Openbsd Openssh 7.0
7.8
CVSSv2
CVE-2016-6515
The auth_password function in auth-passwd.c in sshd in OpenSSH prior to 7.3 does not limit password lengths for password authentication, which allows remote malicious users to cause a denial of service (crypt CPU consumption) via a long string.
Openbsd Openssh
Fedoraproject Fedora 24
1 EDB exploit
3 Github repositories
7.8
CVSSv2
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
22 Github repositories
7.8
CVSSv2
CVE-2006-4924
sshd in OpenSSH prior to 4.4, when using the version 1 SSH protocol, allows remote malicious users to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Openbsd Openssh 1.2.1
Openbsd Openssh 1.2.2
Openbsd Openssh 1.2.27
Openbsd Openssh 2.5.1
Openbsd Openssh 2.5.2
Openbsd Openssh 3.0.1
Openbsd Openssh 3.0.1p1
Openbsd Openssh 3.2.2
Openbsd Openssh 3.2.2p1
Openbsd Openssh 3.2.3p1
Openbsd Openssh 3.6
Openbsd Openssh 3.6.1
Openbsd Openssh 3.8
Openbsd Openssh 3.8.1
Openbsd Openssh 4.2
Openbsd Openssh 4.2p1
Openbsd Openssh 1.2
Openbsd Openssh 2.3
Openbsd Openssh 2.5
Openbsd Openssh 2.9p2
Openbsd Openssh 3.0
Openbsd Openssh 3.1p1
1 EDB exploit
7.6
CVSSv2
CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and previous versions, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote malicious users to use timing differen...
Openbsd Openssh 2
Openbsd Openssh 3.2.2
Openbsd Openssh 3.1
Openbsd Openssh 3.0.2p1
Openbsd Openssh 1.5.8
Openbsd Openssh 2.1.1
Openbsd Openssh 3.2.3p1
Openbsd Openssh 3.1p1
Openbsd Openssh 2.5.1
Openbsd Openssh 2.9.9p2
Openbsd Openssh 3.6.1p2
Openbsd Openssh 3.0
Openbsd Openssh 1.2.1
Openbsd Openssh 2.2
Openbsd Openssh 3.2
Openbsd Openssh 3.6
Openbsd Openssh 1.5.7
Openbsd Openssh 1.2.3
Openbsd Openssh 3.5p1
Openbsd Openssh 2.3.1
Openbsd Openssh 3.0.1p1
Openbsd Openssh 2.1
7.5
CVSSv2
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH prior to 7.4 allows remote malicious users to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Openbsd Openssh
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH up to and including 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote malicious users to cause a denial of service (memory corruption) or have un...
Openbsd Openssh
7.5
CVSSv2
CVE-2010-4478
OpenSSH 5.6 and previous versions, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote malicious users to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values ...
Openbsd Openssh 5.4
Openbsd Openssh 3.8
Openbsd Openssh 3.8.1p1
Openbsd Openssh 4.3p2
Openbsd Openssh 3.2.2
Openbsd Openssh 3.1
Openbsd Openssh 5.5
Openbsd Openssh 3.0.2p1
Openbsd Openssh 1.5.8
Openbsd Openssh 5.3
Openbsd Openssh 4.1
Openbsd Openssh 3.8.1
Openbsd Openssh 2.1.1
Openbsd Openssh 3.7.1p2
Openbsd Openssh 4.8
Openbsd Openssh 4.9
Openbsd Openssh 3.2.3p1
Openbsd Openssh 3.1p1
Openbsd Openssh 2.5.1
Openbsd Openssh 2.9.9p2
Openbsd Openssh 3.6.1p2
Openbsd Openssh 3.9
8 Github repositories
7.5
CVSSv2
CVE-2007-4752
ssh in OpenSSH prior to 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows malicious users to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Openbsd Openssh 4.3p2
Openbsd Openssh 4.3p1
Openbsd Openssh 4.0
Openbsd Openssh 4.3
Openbsd Openssh 4.2p1
Openbsd Openssh 4.4p1
Openbsd Openssh 4.4
Openbsd Openssh 4.1
Openbsd Openssh 4.0p1
Openbsd Openssh
Openbsd Openssh 4.5
Openbsd Openssh 4.2
Openbsd Openssh 4.1p1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »