Lucene search
K
OpenbsdOpenssh

126 matches found

CVE
CVE
added 2023/07/20 12:0 a.m.36523 views

CVE-2023-38408

The CVE-2023-38408 issue affects OpenSSH’s ssh-agent PKCS#11 support, where an insufficiently trustworthy search path (notably code loaded from /usr/lib) enables remote code execution when an agent is forwarded to an attacker-controlled system; this stems from an incomplete fix for CVE-2016-10009...

9.8CVSS8.3AI score0.76768EPSS
CVE
CVE
added 2020/07/24 12:0 a.m.30692 views

CVE-2020-15778

The CVE-2020-15778 entry covers a command-injection flaw in scp within OpenSSH up to version 8.3p1. The vulnerability resides in scp.c toremote, enabling arbitrary command execution when a destination argument contains backtick characters; the vendor notes they intentionally forgo validating anom...

7.8CVSS7.8AI score0.12996EPSS
CVE
CVE
added 2021/09/26 12:0 a.m.17229 views

CVE-2021-41617

CVE-2021-41617 affects OpenSSH sshd (versions 6.2–8.x prior to 8.8) where certain non-default configurations allow local privilege escalation because supplemental groups are not initialized as expected when AuthorizedKeysCommand/AuthorizedPrincipalsCommand run under a different user. This can cau...

7CVSS7.5AI score0.02367EPSS
CVE
CVE
added 2020/06/29 5:33 p.m.16496 views

CVE-2020-14145

The CVE-2020-14145 entry concerns the OpenSSH client, with versions 5.7–8.4 (and notes that 8.5/8.6 may also be affected) exhibiting an observable discrepancy in the algorithm negotiation that leads to information leakage. The impact is a potential man-in-the-middle attack during initial connecti...

5.9CVSS5.6AI score0.02057EPSS
CVE
CVE
added 2019/01/31 12:0 a.m.13865 views

CVE-2019-6111

OpenSSH SCP client vulnerability CVE-2019-6111: in OpenSSH 7.9, the SCP client does not properly validate the object name returned by the server, allowing a malicious SCP server or MITM to overwrite arbitrary files in the client target directory. If recursive transfers (-r) are used, subdirectori...

5.9CVSS6.3AI score0.58204EPSS
In wild
CVE
CVE
added 2010/12/06 10:0 p.m.13482 views

CVE-2010-4478

OpenSSH

9.8CVSS5.3AI score0.04242EPSS
In wild
CVE
CVE
added 2021/03/05 7:7 p.m.12895 views

CVE-2021-28041

The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...

7.1CVSS6.8AI score0.03422EPSS
CVE
CVE
added 2018/08/28 8:0 a.m.12869 views

CVE-2018-15919

CVE-2018-15919 affects OpenSSH up to version 7.8, where Remotely observable behaviour in auth-gss2.c could allow a remote attacker to enumerate existing usernames when GSS2 is used. The IBM/linked bulletin explicitly notes the discoverer’s statement that username enumeration is not treated as a v...

5.3CVSS5.3AI score0.03557EPSS
In wild
CVE
CVE
added 2015/08/03 12:0 a.m.12420 views

CVE-2015-5600

Summary (CVE-2015-5600): The kbdint_next_device function in OpenSSH sshd up to version 6.9 fails to properly constrain keyboard-interactive device processing within a single connection, enabling remote brute-force attempts or a denial-of-service via a long/duplicative ssh -oKbdInteractiveDevices ...

8.5CVSS5.6AI score0.09302EPSS
CVE
CVE
added 2017/10/26 12:0 a.m.10773 views

CVE-2017-15906

OpenSSH OpenSSH sftp-server.c contains a write-blocking flaw in readonly mode that can let an attacker create zero-length files. Specifically, the process_open function in sftp-server.c mishandles write operations when in read-only mode, affecting OpenSSH versions prior to 7.6. The vulnerability ...

5.3CVSS5.5AI score0.03359EPSS
CVE
CVE
added 2022/03/12 11:24 p.m.8925 views

CVE-2021-36368

OpenSSH CVE-2021-36368 affects OpenSSH before 8.9. If a client uses public-key authentication with agent forwarding but not -oLogLevel=verbose, and a server is silently modified to support None authentication, the user cannot reliably tell if FIDO authentication will confirm the intended connecti...

3.7CVSS4.2AI score0.01677EPSS
CVE
CVE
added 2020/06/01 3:28 p.m.8380 views

CVE-2020-12062

CVE-2020-12062 affects the OpenSSH scp client (OpenSSH 8.2). The issue arises when a utimes system call fails, causing the scp client to send duplicate responses to the server. A malicious unprivileged user on the remote server can leverage this to overwrite arbitrary files in the client’s downlo...

7.5CVSS7.4AI score0.02267EPSS
CVE
CVE
added 2021/09/15 7:32 p.m.7843 views

CVE-2016-20012

CVE-2016-20012 : OpenSSH up to 8.7 may leak information by testing whether a given username/public key combination is known to the SSH server, since a challenge is sent only if that combo could be valid for a login. This could enable user enumeration. The IBM bulletin notes the vendor does not re...

5.3CVSS5.4AI score0.05039EPSS
CVE
CVE
added 2024/07/01 12:37 p.m.7687 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

8.1CVSS8.5AI score0.99506EPSS
In wild
CVE
CVE
added 2019/01/10 12:0 a.m.5797 views

CVE-2018-20685

CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...

5.3CVSS6.3AI score0.03681EPSS
In wild
CVE
CVE
added 2018/08/17 12:0 a.m.5659 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

5.9CVSS5.8AI score0.98631EPSS
CVE
CVE
added 2016/12/09 12:0 a.m.5640 views

CVE-2016-8858

CVE-2016-8858 affects OpenSSH 6.x and 7.x up to 7.3, where the kex_input_kexinit() function can be triggered by remote KEXINIT messages to exhaust memory and cause a denial of service. Public sources in connected docs describe memory consumption per connection (examples range up to 128 MB per con...

7.8CVSS7.2AI score0.29462EPSS
CVE
CVE
added 2019/01/31 12:0 a.m.5560 views

CVE-2019-6110

CVE-2019-6110 (OpenSSH SCP client) affects OpenSSH 7.9. The vulnerability arises from accepting and displaying arbitrary stderr output from the SCP server, allowing a malicious server or MITM to spoof SCP client output and potentially mask or override transferred files. Connected advisories confi...

6.8CVSS6.2AI score0.20906EPSS
In wild
CVE
CVE
added 2023/12/18 12:0 a.m.5248 views

CVE-2023-51385

OpenSSH CVE-2023-51385: OS command injection can occur when a username or hostname containing shell metacharacters is used in expansion tokens, e.g., in untrusted repositories. Affected: OpenSSH up to version

6.5CVSS7.1AI score0.19753EPSS
CVE
CVE
added 2019/10/09 12:0 a.m.5009 views

CVE-2019-16905

CVE-2019-16905 affects OpenSSH 7.7–7.9 and 8.x prior to 8.1 when built with the experimental XMSS key type. It describes a pre-authentication integer overflow in XMSS key parsing that can cause memory corruption and local code execution. The XMSS implementation is treated as experimental in all r...

7.8CVSS7.9AI score0.0217EPSS
CVE
CVE
added 2023/12/18 12:0 a.m.4899 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.9378EPSS
CVE
CVE
added 2019/01/31 12:0 a.m.4866 views

CVE-2019-6109

OpenSSH 7.9 contains CVE-2019-6109: missing character encoding in the progress display allows a malicious server/MITM to spoof scp client output by crafting object names (refresh_progress_meter in progressmeter.c). The vulnerability can enable spoofing of file transfer output; related issues incl...

6.8CVSS6.7AI score0.03807EPSS
In wild
CVE
CVE
added 2013/03/07 8:0 p.m.4805 views

CVE-2010-5107

CVE-2010-5107 describes a DoS in OpenSSH up to version 6.1 caused by a default connection-limiting behavior that can exhaust unauthenticated SSH slots. Public advisories (F5, CentOS/RHEL, AIX) discuss mitigations such as enabling random early drop via MaxStartups (commonly 10:30:60 or 10:30:100) ...

7.5CVSS4.8AI score0.1651EPSS
CVE
CVE
added 2023/03/17 12:0 a.m.4739 views

CVE-2023-28531

CVE-2023-28531 affects OpenSSH: ssh-add adds smartcard keys to ssh-agent without the intended per‑hop destination constraints, starting from OpenSSH up to version 9.2.x and earliest affected 8.9. The issue is resolved in OpenSSH 9.3 and later. Remediation is upgrading to 9.3+ (or the distro patch...

9.8CVSS9.1AI score0.02216EPSS
CVE
CVE
added 2006/09/27 11:0 p.m.4301 views

CVE-2006-5051

CVE-2006-5051 describes a signal-handler race in OpenSSH before 4.4. The race can cause unsafe handling of signals, potentially crashing the daemon and, if triggered under certain conditions (e.g., with GSSAPI enabled), may lead to arbitrary code execution. The root cause is a race condition that...

9.3CVSS8.4AI score0.44963EPSS
CVE
CVE
added 2018/01/21 10:0 p.m.4212 views

CVE-2016-10708

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

7.5CVSS5.9AI score0.15716EPSS
CVE
CVE
added 2025/02/18 6:27 p.m.3700 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

6.8CVSS6.7AI score0.06997EPSS
CVE
CVE
added 2016/01/14 12:0 a.m.3481 views

CVE-2016-0777

CVE-2016-0777 pertains to an information leak and buffer overflow in OpenSSH client roaming (roaming_bytes reading memory) affecting OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2. Exploitation would allow a remote server to obtain memory contents (e.g., private keys) via a roaming request. Connected d...

6.5CVSS6.4AI score0.63468EPSS
CVE
CVE
added 2015/08/24 12:0 a.m.3340 views

CVE-2015-6564

OpenSSH vulnerability CVE-2015-6564 is a use-after-free in the PAM free context path (mm_answer_pam_free_ctx) in sshd’s monitor.c. On non-OpenBSD platforms, an attacker who controls the sshd uid and can issue an early MONITOR_REQ_PAM_FREE_CTX may gain privileges. The issue is specific to OpenSSH ...

7CVSS5.7AI score0.00599EPSS
CVE
CVE
added 2016/08/07 12:0 a.m.3325 views

CVE-2016-6515

OpenSSH sshd vulnerability CVE-2016-6515 arises from the auth_password function not enforcing a maximum password length for password authentication, allowing remote, unauthenticated attackers to trigger high CPU consumption and denial of service via a long input string. Affected products: OpenSSH...

7.8CVSS7.3AI score0.58568EPSS
CVE
CVE
added 2014/12/06 3:0 p.m.3186 views

CVE-2014-9278

CVE-2014-9278 affects the OpenSSH server as used in Fedora and Red Hat Enterprise Linux 7 in Kerberos environments. The vulnerability allows remote authenticated users to log in as another user if they appear in the target user’s .k5users file, bypassing some authentication requirements for local...

4CVSS5.7AI score0.01833EPSS
CVE
CVE
added 2008/08/27 8:0 p.m.2976 views

CVE-2008-3844

CVE-2008-3844 corresponds to tampered Red Hat OpenSSH packages from August 2008 signed with a Red Hat key. The Trojan-Horse modification was introduced in certain RHEL 4/5 OpenSSH packages and its impact remains unknown; distribution was limited to unofficial channels, with no known official Red ...

9.3CVSS6.1AI score0.02674EPSS
CVE
CVE
added 2012/04/04 10:0 a.m.2858 views

CVE-2011-5000

OpenSSH

3.5CVSS4.7AI score0.02595EPSS
CVE
CVE
added 2014/01/29 3:0 p.m.2793 views

CVE-2014-1692

CVE-2014-1692 affects OpenSSH up to version 6.4 when Makefile.inc enables J-PAKE; the hash_buffer function in schnorr.c may not initialize certain data structures, enabling remote attackers to trigger a memory corruption denial of service (and potentially other impact). The provided documents do ...

7.5CVSS5.3AI score0.04587EPSS
CVE
CVE
added 2012/01/27 7:0 p.m.2667 views

CVE-2012-0814

The CVE-2012-0814 issue affects OpenSSH’s sshd, specifically the auth_parse_options function in auth-options.c, with reports noting that versions before 5.7 emit debug messages containing authorized_keys command options. This can allow remote authenticated users to read potentially sensitive info...

6.5CVSS4.7AI score0.03672EPSS
CVE
CVE
added 2017/01/05 12:0 a.m.2665 views

CVE-2016-10009

OpenSSH/OpenSSH-ssh-agent PKCS#11 path trust issue (CVE-2016-10009) is still referenced in connected documents as an incomplete fix leading to remote code execution when an agent is forwarded to an attacker-controlled system. Astra Linux notes: The vulnerability is due to an insufficiently trustw...

7.5CVSS7AI score0.37431EPSS
CVE
CVE
added 2023/12/24 12:0 a.m.2603 views

CVE-2023-51767

CVE-2023-51767 — IBM’s connected bulletin confirms a vulnerability mapped to the OpenSSH/OpenSSH-derived issue in OpenSSH up to version 10.0, where row hammer attacks on common DRAM types could enable authentication bypass. Root cause per the bulletin: the integer value of authenticated in mm_ans...

7CVSS6AI score0.00661EPSS
CVE
CVE
added 2014/02/03 2:0 a.m.2583 views

CVE-2011-4327

Technical details for CVE-2011-4327 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

5.5CVSS5.7AI score0.00416EPSS
CVE
CVE
added 2025/04/10 12:0 a.m.2393 views

CVE-2025-32728

CVE-2025-32728 affects OpenSSH sshd prior to 10.0: the DisableForwarding directive does not fully disable X11 and agent forwarding as documented, potentially enabling unintended access under certain configurations. Multiple advisories indicate OpenSSH vulnerabilities across platforms (AIX, Amazon...

4.3CVSS6.9AI score0.0016EPSS
CVE
CVE
added 2017/04/11 12:0 a.m.2251 views

CVE-2016-1908

OpenSSH CVE-2016-1908 affects the OpenSSH client before 7.2, where cookie generation for untrusted X11 forwarding can be mishandled when the local X server lacks the SECURITY extension. This could allow remote X11 clients to trigger a fallback to trusted forwarding, bypassing intended access cont...

9.8CVSS9AI score0.13736EPSS
CVE
CVE
added 2017/01/05 12:0 a.m.2185 views

CVE-2016-10012

CVE-2016-10012 affects OpenSSH up to version 7.4, tied to the shared memory manager used with pre-authentication compression. The issue stems from a bounds check not being enforced consistently across compilers in the m_zback/m_zlib data structures, enabling local privilege escalation via access ...

7.8CVSS6.2AI score0.01281EPSS
CVE
CVE
added 2016/01/14 12:0 a.m.2056 views

CVE-2016-0778

CVE-2016-0778 affects the OpenSSH client roaming feature. The root cause is improper bounds handling in roaming_read/roaming_write in roaming_common.c, enabling a heap-based buffer overflow when certain proxy/forward options are used. This can cause a denial of service or potentially arbitrary co...

8.1CVSS7.3AI score0.2037EPSS
CVE
CVE
added 2016/05/01 12:0 a.m.2029 views

CVE-2015-8325

CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (eg via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...

7.8CVSS7.5AI score0.00627EPSS
CVE
CVE
added 2026/04/02 5:8 p.m.1862 views

CVE-2026-35414

OpenSSH CVE-2026-35414 affects OpenSSH before 10.3, where the authorized_keys principals option can be mishandled when a CA uses comma characters in a multi-principal scenario. Multiple connected advisories (IBM AIX advisory, Debian DLA, AlmaLinux/Almalinux, CloudLinux, and Amazon Linux ALAS entr...

8.1CVSS5.8AI score0.00176EPSS
CVE
CVE
added 2011/03/02 7:0 p.m.1767 views

CVE-2010-4755

CVE-2010-4755 : OpenSSH 5.8 and earlier is affected. The vulnerability resides in the remote_glob function (sftp-glob.c) and the process_put function (sftp.c), used by OpenSSH’s SFTP daemon. Remote authenticated users can trigger CPU and memory exhaustion by sending crafted glob expressions that ...

4CVSS5AI score0.07792EPSS
CVE
CVE
added 2015/08/24 12:0 a.m.1754 views

CVE-2015-6563

CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...

6.4CVSS5.4AI score0.00378EPSS
CVE
CVE
added 2015/08/03 12:0 a.m.1585 views

CVE-2015-5352

OpenSSH vulnerability CVE-2015-5352 affects the x11_open_helper function in channels.c, where when ForwardX11Trusted is not used there is no check on the X connection refusal deadline. This can allow remote attackers to bypass access restrictions by connecting outside the permitted time window. T...

4.3CVSS4.5AI score0.05445EPSS
CVE
CVE
added 2006/09/27 1:0 a.m.1497 views

CVE-2006-4924

OpenSSH sshd (OpenSSH) vulnerable when using SSH protocol 1; specially crafted SSH1 packets with duplicate blocks can cause the sshd process to consume excessive CPU, enabling a denial of service. This affects OpenSSH versions prior to 4.4 and is linked to improper handling by the CRC compensatio...

7.8CVSS7.7AI score0.34666EPSS
CVE
CVE
added 2017/01/05 12:0 a.m.1374 views

CVE-2016-10010

CVE-2016-10010 : When OpenSSH sshd runs with privilege separation disabled, forwarded Unix-domain sockets are created by root instead of the authenticated user, potentially allowing a local attacker to gain root privileges. This is a local-privilege-escalation issue tied to the serverloop/privsep...

7CVSS6.1AI score0.0424EPSS
CVE
CVE
added 2017/02/13 12:0 a.m.1363 views

CVE-2016-6210

CVE-2016-6210 affects OpenSSH sshd prior to 7.3. When SHA-256/512 is used for user password hashing, sshd can reveal valid usernames by measuring timing differences during authentication for non-existent users, enabling remote, unauthenticated user enumeration. Impact is information disclosure; e...

5.9CVSS6.7AI score0.88944EPSS
Total number of security vulnerabilities126