6 matches found

CVE
added 2017/03/03 4:59 p.m. | 474 views

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.

10 CVSS | 9.4 AI score | 0.01525 EPSS

CVE
added 2017/03/03 4:59 p.m. | 338 views

CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

10 CVSS | 9.6 AI score | 0.1035 EPSS

CVE
added 2017/05/19 2:29 p.m. | 295 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

8.8 CVSS | 8.6 AI score | 0.0321 EPSS

CVE
added 2017/05/19 2:29 p.m. | 182 views

CVE-2017-9079

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

4.7 CVSS | 5.6 AI score | 0.0013 EPSS

CVE
added 2017/03/03 4:59 p.m. | 155 views

CVE-2016-7408

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.

8.8 CVSS | 9.2 AI score | 0.04733 EPSS

CVE
added 2017/03/03 4:59 p.m. | 144 views

CVE-2016-7409

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident.

5.5 CVSS | 6.7 AI score | 0.00306 EPSS