126 matches found
CVE-2023-38408
The CVE-2023-38408 issue affects OpenSSH’s ssh-agent PKCS#11 support, where an insufficiently trustworthy search path (notably code loaded from /usr/lib) enables remote code execution when an agent is forwarded to an attacker-controlled system; this stems from an incomplete fix for CVE-2016-10009...
CVE-2020-15778
The CVE-2020-15778 entry covers a command-injection flaw in scp within OpenSSH up to version 8.3p1. The vulnerability resides in scp.c toremote, enabling arbitrary command execution when a destination argument contains backtick characters; the vendor notes they intentionally forgo validating anom...
CVE-2021-41617
CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...
CVE-2020-14145
The CVE-2020-14145 entry concerns the OpenSSH client, with versions 5.7–8.4 (and notes that 8.5/8.6 may also be affected) exhibiting an observable discrepancy in the algorithm negotiation that leads to information leakage. The impact is a potential man-in-the-middle attack during initial connecti...
CVE-2019-6111
OpenSSH SCP client vulnerability CVE-2019-6111: in OpenSSH 7.9, the SCP client does not properly validate the object name returned by the server, allowing a malicious SCP server or MITM to overwrite arbitrary files in the client target directory. If recursive transfers (-r) are used, subdirectori...
CVE-2010-4478
OpenSSH
CVE-2021-28041
The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...
CVE-2018-15919
CVE-2018-15919 affects OpenSSH up to version 7.8, where Remotely observable behaviour in auth-gss2.c could allow a remote attacker to enumerate existing usernames when GSS2 is used. The IBM/linked bulletin explicitly notes the discoverer’s statement that username enumeration is not treated as a v...
CVE-2015-5600
Summary (CVE-2015-5600): The kbdint_next_device function in OpenSSH sshd up to version 6.9 fails to properly constrain keyboard-interactive device processing within a single connection, enabling remote brute-force attempts or a denial-of-service via a long/duplicative ssh -oKbdInteractiveDevices ...
CVE-2017-15906
OpenSSH OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...
CVE-2021-36368
OpenSSH CVE-2021-36368 affects OpenSSH before 8.9. If a client uses public-key authentication with agent forwarding but not -oLogLevel=verbose, and a server is silently modified to support None authentication, the user cannot reliably tell if FIDO authentication will confirm the intended connecti...
CVE-2020-12062
CVE-2020-12062 affects the OpenSSH scp client (OpenSSH 8.2). The issue arises when a utimes system call fails, causing the scp client to send duplicate responses to the server. A malicious unprivileged user on the remote server can leverage this to overwrite arbitrary files in the client’s downlo...
CVE-2016-20012
CVE-2016-20012 : OpenSSH up to 8.7 may leak information by testing whether a given username/public key combination is known to the SSH server, since a challenge is sent only if that combo could be valid for a login. This could enable user enumeration. The IBM bulletin notes the vendor does not re...
CVE-2024-6387
CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...
CVE-2018-20685
CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...
CVE-2018-15473
OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2016-8858
CVE-2016-8858 affects OpenSSH 6.x and 7.x up to 7.3, where the kex_input_kexinit() function can be triggered by remote KEXINIT messages to exhaust memory and cause a denial of service. Public sources in connected docs describe memory consumption per connection (examples range up to 128 MB per con...
CVE-2019-6110
CVE-2019-6110 (OpenSSH SCP client) affects OpenSSH 7.9. The vulnerability arises from accepting and displaying arbitrary stderr output from the SCP server, allowing a malicious server or MITM to spoof SCP client output and potentially mask or override transferred files. Connected advisories confi...
CVE-2023-51385
OpenSSH CVE-2023-51385: OS command injection can occur when a username or hostname containing shell metacharacters is used in expansion tokens, e.g., in untrusted repositories. Affected: OpenSSH up to version
CVE-2019-16905
CVE-2019-16905 affects OpenSSH 7.7–7.9 and 8.x prior to 8.1 when built with the experimental XMSS key type. It describes a pre-authentication integer overflow in XMSS key parsing that can cause memory corruption and local code execution. The XMSS implementation is treated as experimental in all r...
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2019-6109
OpenSSH 7.9 contains CVE-2019-6109: missing character encoding in the progress display allows a malicious server/MITM to spoof scp client output by crafting object names (refresh_progress_meter in progressmeter.c). The vulnerability can enable spoofing of file transfer output; related issues incl...
CVE-2010-5107
CVE-2010-5107 describes a DoS in OpenSSH up to version 6.1 caused by a default connection-limiting behavior that can exhaust unauthenticated SSH slots. Public advisories (F5, CentOS/RHEL, AIX) discuss mitigations such as enabling random early drop via MaxStartups (commonly 10:30:60 or 10:30:100) ...
CVE-2023-28531
CVE-2023-28531 affects OpenSSH: ssh-add adds smartcard keys to ssh-agent without the intended per‑hop destination constraints, starting from OpenSSH up to version 9.2.x and earliest affected 8.9. The issue is resolved in OpenSSH 9.3 and later. Remediation is upgrading to 9.3+ (or the distro patch...
CVE-2006-5051
CVE-2006-5051 describes a signal-handler race in OpenSSH before 4.4. The race can cause unsafe handling of signals, potentially crashing the daemon and, if triggered under certain conditions (e.g., with GSSAPI enabled), may lead to arbitrary code execution. The root cause is a race condition that...
CVE-2016-10708
OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...
CVE-2025-26465
The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...
CVE-2016-0777
CVE-2016-0777 pertains to an information leak and buffer overflow in OpenSSH client roaming (roaming_bytes reading memory) affecting OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2. Exploitation would allow a remote server to obtain memory contents (e.g., private keys) via a roaming request. Connected d...
CVE-2015-6564
OpenSSH vulnerability CVE-2015-6564 is a use-after-free in the PAM free context path (mm_answer_pam_free_ctx) in sshd’s monitor.c. On non-OpenBSD platforms, an attacker who controls the sshd uid and can issue an early MONITOR_REQ_PAM_FREE_CTX may gain privileges. The issue is specific to OpenSSH ...
CVE-2016-6515
OpenSSH sshd vulnerability CVE-2016-6515 arises from the auth_password function not enforcing a maximum password length for password authentication, allowing remote, unauthenticated attackers to trigger high CPU consumption and denial of service via a long input string. Affected products: OpenSSH...
CVE-2014-9278
CVE-2014-9278 affects the OpenSSH server as used in Fedora and Red Hat Enterprise Linux 7 in Kerberos environments. The vulnerability allows remote authenticated users to log in as another user if they appear in the target user’s .k5users file, bypassing some authentication requirements for local...
CVE-2008-3844
CVE-2008-3844 corresponds to tampered Red Hat OpenSSH packages from August 2008 signed with a Red Hat key. The Trojan-Horse modification was introduced in certain RHEL 4/5 OpenSSH packages and its impact remains unknown; distribution was limited to unofficial channels, with no known official Red ...
CVE-2011-5000
OpenSSH
CVE-2014-1692
CVE-2014-1692 affects OpenSSH up to version 6.4 when Makefile.inc enables J-PAKE; the hash_buffer function in schnorr.c may not initialize certain data structures, enabling remote attackers to trigger a memory corruption denial of service (and potentially other impact). The provided documents do ...
CVE-2012-0814
The CVE-2012-0814 issue affects OpenSSH’s sshd, specifically the auth_parse_options function in auth-options.c, with reports noting that versions before 5.7 emit debug messages containing authorized_keys command options. This can allow remote authenticated users to read potentially sensitive info...
CVE-2016-10009
OpenSSH/OpenSSH-ssh-agent PKCS#11 path trust issue (CVE-2016-10009) is still referenced in connected documents as an incomplete fix leading to remote code execution when an agent is forwarded to an attacker-controlled system. Astra Linux notes: The vulnerability is due to an insufficiently trustw...
CVE-2023-51767
CVE-2023-51767 — IBM’s connected bulletin confirms a vulnerability mapped to the OpenSSH/OpenSSH-derived issue in OpenSSH up to version 10.0, where row hammer attacks on common DRAM types could enable authentication bypass. Root cause per the bulletin: the integer value of authenticated in mm_ans...
CVE-2011-4327
Technical details for CVE-2011-4327 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2025-32728
CVE-2025-32728 affects OpenSSH sshd prior to 10.0: the DisableForwarding directive does not fully disable X11 and agent forwarding as documented, potentially enabling unintended access under certain configurations. Multiple advisories indicate OpenSSH vulnerabilities across platforms (AIX, Amazon...
CVE-2016-1908
OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...
CVE-2016-10012
CVE-2016-10012 affects OpenSSH up to version 7.4, tied to the shared memory manager used with pre-authentication compression. The issue stems from a bounds check not being enforced consistently across compilers in the m_zback/m_zlib data structures, enabling local privilege escalation via access ...
CVE-2016-0778
CVE-2016-0778 affects the OpenSSH client roaming feature. The root cause is improper bounds handling in roaming_read/roaming_write in roaming_common.c, enabling a heap-based buffer overflow when certain proxy/forward options are used. This can cause a denial of service or potentially arbitrary co...
CVE-2015-8325
CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (eg via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...
CVE-2026-35414
OpenSSH CVE-2026-35414 affects OpenSSH before 10.3, where the authorized_keys principals option can be mishandled when a CA uses comma characters in a multi-principal scenario. Multiple connected advisories (IBM AIX advisory, Debian DLA, AlmaLinux/Almalinux, CloudLinux, and Amazon Linux ALAS entr...
CVE-2010-4755
CVE-2010-4755 : OpenSSH 5.8 and earlier is affected. The vulnerability resides in the remote_glob function (sftp-glob.c) and the process_put function (sftp.c), used by OpenSSH’s SFTP daemon. Remote authenticated users can trigger CPU and memory exhaustion by sending crafted glob expressions that ...
CVE-2015-6563
CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...
CVE-2015-5352
OpenSSH vulnerability CVE-2015-5352 affects the x11_open_helper function in channels.c, where when ForwardX11Trusted is not used there is no check on the X connection refusal deadline. This can allow remote attackers to bypass access restrictions by connecting outside the permitted time window. T...
CVE-2006-4924
OpenSSH sshd (OpenSSH) vulnerable when using SSH protocol 1; specially crafted SSH1 packets with duplicate blocks can cause the sshd process to consume excessive CPU, enabling a denial of service. This affects OpenSSH versions prior to 4.4 and is linked to improper handling by the CRC compensatio...
CVE-2016-10010
CVE-2016-10010 : When OpenSSH sshd runs with privilege separation disabled, forwarded Unix-domain sockets are created by root instead of the authenticated user, potentially allowing a local attacker to gain root privileges. This is a local-privilege-escalation issue tied to the serverloop/privsep...
CVE-2016-6210
CVE-2016-6210 affects OpenSSH sshd prior to 7.3. When SHA-256/512 is used for user password hashing, sshd can reveal valid usernames by measuring timing differences during authentication for non-existent users, enabling remote, unauthenticated user enumeration. Impact is information disclosure; e...