Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 113 CRITICAL 5 HIGH 44 MEDIUM 53 LOW 11
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース
Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
11 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 2 2 5 0
12 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 2 7 6 1
13 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 2 12 17 1
14 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 2 14 23 2
15 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 2 12 22 6
16 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 2 18 30 9
17 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 4 28 30 7
18 OpenSSH 8.4 8.4 1 3 5 1
19 OpenSSH 8.3 8.3 1 4 5 1
20 OpenSSH 8.2 8.2 1 5 5 1
21 OpenSSH 8.1 8.1 1 3 5 1
22 OpenSSH 8.0 8.0 1 4 5 1
23 OpenSSH 7.9 7.9 1 4 9 1
24 OpenSSH 7.8 7.8 1 4 10 1
25 OpenSSH 7.7 7.7 1 4 11 1
26 OpenSSH 7.6 7.6 1 3 11 1
27 OpenSSH 7.5 7.5 1 3 12 1
28 OpenSSH 7.4 7.4 1 3 12 1
29 OpenSSH 7.3 7.3 1 8 13 1
30 OpenSSH 7.2 7.2p2 March 10, 2016 1 10 15 1
31 OpenSSH 7.1 7.1p2 Jan. 14, 2016 2 11 17 1
32 OpenSSH 7.0 7.0 2 11 17 1
33 OpenSSH 6.9 6.9 2 13 18 2
34 OpenSSH 6.8 6.8 2 13 19 2
35 OpenSSH 6.7 6.7 2 11 17 2
36 OpenSSH 6.6 6.6 2 11 18 2
37 OpenSSH 6.5 6.5 2 11 19 2
38 OpenSSH 6.4 6.4 2 12 19 2
39 OpenSSH 6.3 6.3 2 12 20 2
40 OpenSSH 6.2 6.2p2 May 16, 2013 2 12 20 2
41 OpenSSH 6.1 6.1 2 11 20 2
42 OpenSSH 6.0 6.0 2 11 20 2
43 OpenSSH 5.9 5.9 2 11 20 2
44 OpenSSH 5.8p2 5.8p2 2 10 19 2
45 OpenSSH 5.8 5.8p2 May 3, 2011 2 11 20 4
46 OpenSSH 5.7 5.7 2 11 21 4
47 OpenSSH 5.6 5.6 2 12 20 5
48 OpenSSH 5.5 5.5 2 12 19 5
49 OpenSSH 5.4 5.4 2 12 19 5
50 OpenSSH 5.3 5.3 2 11 19 5
51 OpenSSH 5.2 5.2 2 11 19 5
52 OpenSSH 5.1 5.1 2 11 19 5
53 OpenSSH 5.0 5.0 2 11 19 6
54 OpenSSH 4.9 4.9 2 11 19 6
55 OpenSSH 4.8 4.8 2 11 21 6
56 OpenSSH 4.7p1 4.7p1 2 11 18 7
57 OpenSSH 4.7 4.7 2 11 20 7
58 OpenSSH 4.6 4.6 2 12 21 6
59 OpenSSH 4.5 4.5 2 14 22 7
60 OpenSSH 4.4p1 4.4p1 2 12 21 6
61 OpenSSH 4.4 4.4 2 15 21 6
62 OpenSSH 4.3p2 4.3p2 2 12 22 6
63 OpenSSH 4.3p1 4.3p1 2 13 21 6
64 OpenSSH 4.3 4.3p2 Feb. 11, 2006 2 16 24 6
65 OpenSSH 4.2p1 4.2p1 2 13 22 6
66 OpenSSH 4.2 4.2 2 16 22 6
67 OpenSSH 4.1p1 4.1p1 2 13 23 6
68 OpenSSH 4.1 4.1 2 16 23 7
69 OpenSSH 4.0p1 4.0p1 2 13 23 6
70 OpenSSH 4.0 4.0 2 16 25 6
71 OpenSSH 3.9 3.9.1p1 2 16 24 7
72 OpenSSH 3.8 3.8.1p1 2 16 25 7
73 OpenSSH 3.7 3.7.1p2 2 21 25 7
74 OpenSSH 3.6 3.6.1p2 2 21 26 7
75 OpenSSH 3.5p1 3.5p1 2 17 24 7
76 OpenSSH 3.5 3.5 2 20 26 7
77 OpenSSH 3.4p1 3.4p1 2 17 24 7
78 OpenSSH 3.4 3.4 2 20 26 7
79 OpenSSH 3.3p1 3.3p1 2 18 24 7
80 OpenSSH 3.3 3.3 3 21 26 7
81 OpenSSH 3.2 3.2.3p1 3 23 26 7
82 OpenSSH 3.1p1 3.1p1 2 18 24 7
83 OpenSSH 3.1 3.1 3 22 26 7
84 OpenSSH 3.0p1 3.0p1 2 19 24 7
85 OpenSSH 3.0 3.0.2p1 4 24 27 7
86 OpenSSH 2.9p2 2.9p2 4 23 23 6
87 OpenSSH 2.9p1 2.9p1 4 23 23 6
88 OpenSSH 2.9 2.9p2 June 17, 2001 3 27 24 6
89 OpenSSH 2.5 2.5.2p2 March 22, 2001 3 27 24 6
90 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 3 27 25 6
91 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 3 29 24 6
92 OpenSSH 2.1 2.1.1p4 July 16, 2000 3 29 25 6
93 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 4 30 26 6
94 OpenSSH 1.5 1.5.8 2 23 22 6
95 OpenSSH 1.3 1.3 2 23 22 6
96 OpenSSH 1.2 1.2.3p1 March 24, 2000 2 27 28 7
97 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 2 27 28 7
98 OpenSSH - - 2 22 24 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
11 7.0
4.4 		HIGH
Local 		sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs … NVD-CWE-Other
CVE-2021-41617 cpe:2.3:a:openbsd:openssh:*:* 6.2 8.8 2024-11-21 15:26
2021-09-27 		Show GitHub Exploit DB Packet Storm
12 5.3
4.3 		MEDIUM
Network 		OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu… NVD-CWE-Other
CVE-2016-20012 cpe:2.3:a:openbsd:openssh:*:* 8.7 2024-11-21 11:47
2021-09-16 		Show GitHub Exploit DB Packet Storm
13 7.1
4.6 		HIGH
Network 		ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an … CWE-415
 Double Free 		CVE-2021-28041 cpe:2.3:a:openbsd:openssh:*:* 8.2 8.5 2024-11-21 14:59
2021-03-6 		Show GitHub Exploit DB Packet Storm
14 7.8
6.8 		HIGH
Local 		scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… CWE-78
OS Command  		CVE-2020-15778 cpe:2.3:a:openbsd:openssh:8.3:p1
cpe:2.3:a:openbsd:openssh:8.3:-
cpe:2.3:a:openbsd:openssh:*:* 		8.3 2024-11-21 14:06
2020-07-24 		Show GitHub Exploit DB Packet Storm
15 5.9
4.3 		MEDIUM
Network 		The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… CWE-203
 Information Exposure Through Discrepancy 		CVE-2020-14145 cpe:2.3:a:openbsd:openssh:8.6:-
cpe:2.3:a:openbsd:openssh:8.5:-
cpe:2.3:a:openbsd:openssh:8.4:-
cpe:2.3:a:open… 		5.7 8.4 2024-11-21 14:02
2020-06-30 		Show GitHub Exploit DB Packet Storm
16 7.5
5.0 		HIGH
Network 		The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbit… CWE-20
 Improper Input Validation  		CVE-2020-12062 cpe:2.3:a:openbsd:openssh:8.2:* 2024-11-21 13:59
2020-06-2 		Show GitHub Exploit DB Packet Storm
17 7.8
4.4 		HIGH
Local 		OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This … CWE-190
 Integer Overflow or Wraparound 		CVE-2019-16905 cpe:2.3:a:openbsd:openssh:*:* 7.7
8.0 		7.9

8.1 		2024-11-21 13:31
2019-10-10 		Show GitHub Exploit DB Packet Storm
18 6.8
4.0 		MEDIUM
Network 		In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI c… CWE-838
 Inappropriate Encoding for Output Context 		CVE-2019-6110 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1 		Show GitHub Exploit DB Packet Storm
19 5.9
5.8 		MEDIUM
Network 		An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perf… CWE-22
Path Traversal 		CVE-2019-6111 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1 		Show GitHub Exploit DB Packet Storm
20 6.8
4.0 		MEDIUM
Network 		An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the… CWE-116
 Improper Encoding or Escaping of Output 		CVE-2019-6109 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1 		Show GitHub Exploit DB Packet Storm