Openssh Security Vulnerabilities and Issues — Openssh CVE List

Lucene search

OpenbsdOpenssh

3 matches found

cve•added 2008/08/27 8:41 p.m.•2824 views

CVE-2008-3844

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not dist...

9.3CVSS6.1AI score0.02091EPSS

cve•added 2008/08/04 10:0 a.m.•187 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password st...

7.6CVSS6.7AI score0.14685EPSS

cve•added 2008/08/04 10:0 a.m.•133 views

CVE-2004-2760

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observ...

6.8CVSS6.6AI score0.14685EPSS