Filtered by vendor Openbsd
Subscriptions
Filtered by product Openssh
Subscriptions
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0883 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2025-04-03 | N/A |
| OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. | ||||
| CVE-2001-0572 | 3 Openbsd, Redhat, Ssh | 3 Openssh, Linux, Ssh | 2025-04-03 | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | ||||
| CVE-2001-0529 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | ||||
| CVE-2001-0872 | 3 Openbsd, Redhat, Suse | 3 Openssh, Linux, Suse Linux | 2025-04-03 | N/A |
| OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. | ||||
| CVE-2000-0992 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2025-04-03 | N/A |
| Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. | ||||
| CVE-2005-2666 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | ||||
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | ||||
| CVE-2006-0225 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | ||||
| CVE-2004-2069 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). | ||||
| CVE-2023-51384 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-11-21 | 5.5 Medium |
| In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. | ||||
| CVE-2023-38408 | 3 Fedoraproject, Openbsd, Redhat | 9 Fedora, Openssh, Devworkspace and 6 more | 2024-11-21 | 9.8 Critical |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | ||||
| CVE-2023-25136 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 10 Fedora, 500f, 500f Firmware and 7 more | 2024-11-21 | 6.5 Medium |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | ||||
| CVE-2021-41617 | 6 Fedoraproject, Netapp, Openbsd and 3 more | 15 Fedora, Active Iq Unified Manager, Aff 500f and 12 more | 2024-11-21 | 7.0 High |
| sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | ||||
| CVE-2021-36368 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-11-21 | 3.7 Low |
| An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed. | ||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2024-11-21 | 7.1 High |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | ||||
| CVE-2020-12062 | 1 Openbsd | 1 Openssh | 2024-11-21 | 7.5 High |
| The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances. | ||||
| CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-11-21 | 6.8 Medium |
| An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | ||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product | ||||
| CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||