|
91
|
-
6.4
|
MEDIUM
|
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonC…
|
NVD-CWE-Other
|
CVE-2004-1653
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
3.9
|
|
|
2017-07-11 10:31
2004-08-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
-
4.3
|
MEDIUM
|
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
|
CWE-22
Path Traversal
|
CVE-2004-0175
|
cpe:2.3:a:openbsd:openssh:3.4p1:* cpe:2.3:a:openbsd:openssh:3.4:* cpe:2.3:a:openbsd:openssh:3.3p1:* cpe:2.3:a:…
|
|
|
|
|
2017-10-11 10:29
2004-08-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
-
7.6
|
HIGH
|
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, …
|
CWE-362
Race Condition
|
CVE-2003-1562
|
cpe:2.3:a:openbsd:openssh:3.6:* cpe:2.3:a:openbsd:openssh:3.6.1p2:* cpe:2.3:a:openbsd:openssh:3.6.1p1:* cpe:2.…
|
|
|
|
|
2022-12-13 21:15
2003-12-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
-
10.0
|
HIGH
|
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote att…
|
NVD-CWE-Other
|
CVE-2003-0786
|
cpe:2.3:a:openbsd:openssh:3.7.1p1:* cpe:2.3:a:openbsd:openssh:3.7.1:*
|
|
|
|
|
2008-09-11 04:20
2003-11-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
-
7.5
|
HIGH
|
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
|
NVD-CWE-Other
|
CVE-2003-0787
|
cpe:2.3:a:openbsd:openssh:3.7.1p1:* cpe:2.3:a:openbsd:openssh:3.7.1:*
|
|
|
|
|
2008-09-11 04:20
2003-11-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
-
7.5
|
HIGH
|
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
|
NVD-CWE-Other
|
CVE-2003-0682
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
3.7.1
|
|
|
2018-05-3 10:29
2003-10-6
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
-
7.5
|
HIGH
|
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, …
|
NVD-CWE-Other
|
CVE-2003-0695
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
3.7.1
|
|
|
2018-05-3 10:29
2003-10-6
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
-
10.0
|
HIGH
|
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and cor…
|
NVD-CWE-Other
|
CVE-2003-0693
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
3.7
|
|
|
2024-07-1 20:15
2003-09-22
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
-
7.5
|
HIGH
|
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions …
|
NVD-CWE-Other
|
CVE-2003-0386
|
cpe:2.3:a:openbsd:openssh:3.6.1:*
|
|
|
|
|
2017-10-11 10:29
2003-07-2
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
-
5.0
|
MEDIUM
|
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2003-0190
|
cpe:2.3:a:openbsd:openssh:3.6.1:p1 cpe:2.3:a:openbsd:openssh:*:*
|
|
|
|
3.6.1
|
2024-02-16 03:46
2003-05-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|