Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 124 CRITICAL 6 HIGH 46 MEDIUM 60 LOW 12
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース

Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
21 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 3 4 10 0
22 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 3 9 11 1
23 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 3 14 22 1
24 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 3 16 28 2
25 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 3 14 27 6
26 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 3 20 35 9
27 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 5 30 35 7
28 OpenSSH 8.4 8.4 2 5 10 1
29 OpenSSH 8.3 8.3 2 6 10 1
30 OpenSSH 8.2 8.2 2 7 10 1
31 OpenSSH 8.1 8.1 2 5 10 1
32 OpenSSH 8.0 8.0 2 6 10 1
33 OpenSSH 7.9 7.9 2 6 14 1
34 OpenSSH 7.8 7.8 2 6 15 1
35 OpenSSH 7.7 7.7 2 6 16 1
36 OpenSSH 7.6 7.6 2 5 16 1
37 OpenSSH 7.5 7.5 2 5 17 1
38 OpenSSH 7.4 7.4 2 5 17 1
39 OpenSSH 7.3 7.3 2 10 18 1
40 OpenSSH 7.2 7.2p2 March 10, 2016 2 12 20 1
41 OpenSSH 7.1 7.1p2 Jan. 14, 2016 3 13 22 1
42 OpenSSH 7.0 7.0 3 13 22 1
43 OpenSSH 6.9 6.9 3 15 23 2
44 OpenSSH 6.8 6.8 3 15 24 2
45 OpenSSH 6.7 6.7 3 13 22 2
46 OpenSSH 6.6 6.6 3 13 23 2
47 OpenSSH 6.5 6.5 3 13 24 2
48 OpenSSH 6.4 6.4 3 14 24 2
49 OpenSSH 6.3 6.3 3 14 25 2
50 OpenSSH 6.2 6.2p2 May 16, 2013 3 14 25 2
51 OpenSSH 6.1 6.1 3 13 25 2
52 OpenSSH 6.0 6.0 3 13 25 2
53 OpenSSH 5.9 5.9 3 13 25 2
54 OpenSSH 5.8p2 5.8p2 3 12 24 2
55 OpenSSH 5.8 5.8p2 May 3, 2011 3 13 25 4
56 OpenSSH 5.7 5.7 3 13 26 4
57 OpenSSH 5.6 5.6 3 14 25 5
58 OpenSSH 5.5 5.5 3 14 24 5
59 OpenSSH 5.4 5.4 3 14 24 5
60 OpenSSH 5.3 5.3 3 13 24 5
61 OpenSSH 5.2 5.2 3 13 24 5
62 OpenSSH 5.1 5.1 3 13 24 5
63 OpenSSH 5.0 5.0 3 13 24 6
64 OpenSSH 4.9 4.9 3 13 24 6
65 OpenSSH 4.8 4.8 3 13 26 6
66 OpenSSH 4.7p1 4.7p1 3 13 23 7
67 OpenSSH 4.7 4.7 3 13 25 7
68 OpenSSH 4.6 4.6 3 14 26 6
69 OpenSSH 4.5 4.5 3 16 27 7
70 OpenSSH 4.4p1 4.4p1 3 14 26 6
71 OpenSSH 4.4 4.4 3 17 26 6
72 OpenSSH 4.3p2 4.3p2 3 14 27 6
73 OpenSSH 4.3p1 4.3p1 3 15 26 6
74 OpenSSH 4.3 4.3p2 Feb. 11, 2006 3 18 29 6
75 OpenSSH 4.2p1 4.2p1 3 15 27 6
76 OpenSSH 4.2 4.2 3 18 27 6
77 OpenSSH 4.1p1 4.1p1 3 15 28 6
78 OpenSSH 4.1 4.1 3 18 28 7
79 OpenSSH 4.0p1 4.0p1 3 15 28 6
80 OpenSSH 4.0 4.0 3 18 30 6
81 OpenSSH 3.9 3.9.1p1 3 18 29 7
82 OpenSSH 3.8 3.8.1p1 3 18 30 7
83 OpenSSH 3.7 3.7.1p2 3 23 30 7
84 OpenSSH 3.6 3.6.1p2 3 23 31 7
85 OpenSSH 3.5p1 3.5p1 3 19 29 7
86 OpenSSH 3.5 3.5 3 22 31 7
87 OpenSSH 3.4p1 3.4p1 3 19 29 7
88 OpenSSH 3.4 3.4 3 22 31 7
89 OpenSSH 3.3p1 3.3p1 3 20 29 7
90 OpenSSH 3.3 3.3 4 23 31 7
91 OpenSSH 3.2 3.2.3p1 4 25 31 7
92 OpenSSH 3.1p1 3.1p1 3 20 29 7
93 OpenSSH 3.1 3.1 4 24 31 7
94 OpenSSH 3.0p1 3.0p1 3 21 29 7
95 OpenSSH 3.0 3.0.2p1 5 26 32 7
96 OpenSSH 2.9p2 2.9p2 5 25 28 6
97 OpenSSH 2.9p1 2.9p1 5 25 28 6
98 OpenSSH 2.9 2.9p2 June 17, 2001 4 29 29 6
99 OpenSSH 2.5 2.5.2p2 March 22, 2001 4 29 29 6
100 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 4 29 30 6
101 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 4 31 29 6
102 OpenSSH 2.1 2.1.1p4 July 16, 2000 4 31 30 6
103 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 5 32 31 6
104 OpenSSH 1.5 1.5.8 3 25 27 6
105 OpenSSH 1.3 1.3 3 25 27 6
106 OpenSSH 1.2 1.2.3p1 March 24, 2000 3 29 33 7
107 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 3 29 33 7
108 OpenSSH - - 3 24 31 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
21 3.7
2.6
LOW
Network
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to… CWE-287
Improper Authentication
CVE-2021-36368 cpe:2.3:a:openbsd:openssh:*:* 8.9 2024-11-21 15:13
2022-03-13
Show GitHub Exploit DB Packet Storm
22 7.0
4.4
HIGH
Local
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs … NVD-CWE-Other
CVE-2021-41617 cpe:2.3:a:openbsd:openssh:*:* 6.2 8.8 2024-11-21 15:26
2021-09-27
Show GitHub Exploit DB Packet Storm
23 5.3
4.3
MEDIUM
Network
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu… NVD-CWE-Other
CVE-2016-20012 cpe:2.3:a:openbsd:openssh:*:* 8.7 2024-11-21 11:47
2021-09-16
Show GitHub Exploit DB Packet Storm
24 7.1
4.6
HIGH
Network
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an … CWE-415
 Double Free
CVE-2021-28041 cpe:2.3:a:openbsd:openssh:*:* 8.2 8.5 2024-11-21 14:59
2021-03-6
Show GitHub Exploit DB Packet Storm
25 7.8
6.8
HIGH
Local
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t… CWE-78
OS Command 
CVE-2020-15778 cpe:2.3:a:openbsd:openssh:8.3:p1
cpe:2.3:a:openbsd:openssh:8.3:-
cpe:2.3:a:openbsd:openssh:*:*
8.3 2024-11-21 14:06
2020-07-24
Show GitHub Exploit DB Packet Storm
26 5.9
4.3
MEDIUM
Network
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connect… CWE-203
 Information Exposure Through Discrepancy
CVE-2020-14145 cpe:2.3:a:openbsd:openssh:8.6:-
cpe:2.3:a:openbsd:openssh:8.5:-
cpe:2.3:a:openbsd:openssh:8.4:-
cpe:2.3:a:open…
5.7 8.4 2024-11-21 14:02
2020-06-30
Show GitHub Exploit DB Packet Storm
27 7.5
5.0
HIGH
Network
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbit… CWE-20
 Improper Input Validation 
CVE-2020-12062 cpe:2.3:a:openbsd:openssh:8.2:* 2024-11-21 13:59
2020-06-2
Show GitHub Exploit DB Packet Storm
28 7.8
4.4
HIGH
Local
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This … CWE-190
 Integer Overflow or Wraparound
CVE-2019-16905 cpe:2.3:a:openbsd:openssh:*:* 7.7
8.0
7.9


8.1
2024-11-21 13:31
2019-10-10
Show GitHub Exploit DB Packet Storm
29 6.8
4.0
MEDIUM
Network
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI c… CWE-838
 Inappropriate Encoding for Output Context
CVE-2019-6110 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1
Show GitHub Exploit DB Packet Storm
30 5.9
5.8
MEDIUM
Network
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perf… CWE-22
Path Traversal
CVE-2019-6111 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1
Show GitHub Exploit DB Packet Storm