Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openssh
(Openbsd)| Repositories |
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 114 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-19 | CVE-2016-1907 | The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | Openssh | 5.3 | ||
| 2016-05-01 | CVE-2015-8325 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | Ubuntu_core, Ubuntu_linux, Ubuntu_touch, Debian_linux, Openssh | 7.8 | ||
| 2017-01-05 | CVE-2016-10010 | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | Openssh | 7.0 | ||
| 2017-01-05 | CVE-2016-10011 | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | Openssh | 5.5 | ||
| 2017-02-13 | CVE-2016-6210 | sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. | Openssh | 5.9 | ||
| 2017-04-11 | CVE-2016-1908 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | Debian_linux, Openssh, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
| 2017-10-26 | CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | Debian_linux, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, Cn1610_firmware, Data_ontap_edge, Hci_management_node, Oncommand_unified_manager_core_package, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Openssh, Sun_zfs_storage_appliance_kit, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.3 | ||
| 2000-02-11 | CVE-2000-0143 | The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. | Openssh, Ssh | N/A | ||
| 2020-06-29 | CVE-2020-14145 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. | Active_iq_unified_manager, Aff_a700s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Ontap_select_deploy_administration_utility, Solidfire, Steelstore_cloud_integrated_storage, Openssh | 5.9 | ||
| 2007-05-21 | CVE-2007-2768 | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage, Openssh | N/A |