Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 113 CRITICAL 5 HIGH 44 MEDIUM 53 LOW 11
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース
Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 2 2 5 0
22 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 2 7 6 1
23 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 2 12 17 1
24 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 2 14 23 2
25 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 2 12 22 6
26 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 2 18 30 9
27 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 4 28 30 7
28 OpenSSH 8.4 8.4 1 3 5 1
29 OpenSSH 8.3 8.3 1 4 5 1
30 OpenSSH 8.2 8.2 1 5 5 1
31 OpenSSH 8.1 8.1 1 3 5 1
32 OpenSSH 8.0 8.0 1 4 5 1
33 OpenSSH 7.9 7.9 1 4 9 1
34 OpenSSH 7.8 7.8 1 4 10 1
35 OpenSSH 7.7 7.7 1 4 11 1
36 OpenSSH 7.6 7.6 1 3 11 1
37 OpenSSH 7.5 7.5 1 3 12 1
38 OpenSSH 7.4 7.4 1 3 12 1
39 OpenSSH 7.3 7.3 1 8 13 1
40 OpenSSH 7.2 7.2p2 March 10, 2016 1 10 15 1
41 OpenSSH 7.1 7.1p2 Jan. 14, 2016 2 11 17 1
42 OpenSSH 7.0 7.0 2 11 17 1
43 OpenSSH 6.9 6.9 2 13 18 2
44 OpenSSH 6.8 6.8 2 13 19 2
45 OpenSSH 6.7 6.7 2 11 17 2
46 OpenSSH 6.6 6.6 2 11 18 2
47 OpenSSH 6.5 6.5 2 11 19 2
48 OpenSSH 6.4 6.4 2 12 19 2
49 OpenSSH 6.3 6.3 2 12 20 2
50 OpenSSH 6.2 6.2p2 May 16, 2013 2 12 20 2
51 OpenSSH 6.1 6.1 2 11 20 2
52 OpenSSH 6.0 6.0 2 11 20 2
53 OpenSSH 5.9 5.9 2 11 20 2
54 OpenSSH 5.8p2 5.8p2 2 10 19 2
55 OpenSSH 5.8 5.8p2 May 3, 2011 2 11 20 4
56 OpenSSH 5.7 5.7 2 11 21 4
57 OpenSSH 5.6 5.6 2 12 20 5
58 OpenSSH 5.5 5.5 2 12 19 5
59 OpenSSH 5.4 5.4 2 12 19 5
60 OpenSSH 5.3 5.3 2 11 19 5
61 OpenSSH 5.2 5.2 2 11 19 5
62 OpenSSH 5.1 5.1 2 11 19 5
63 OpenSSH 5.0 5.0 2 11 19 6
64 OpenSSH 4.9 4.9 2 11 19 6
65 OpenSSH 4.8 4.8 2 11 21 6
66 OpenSSH 4.7p1 4.7p1 2 11 18 7
67 OpenSSH 4.7 4.7 2 11 20 7
68 OpenSSH 4.6 4.6 2 12 21 6
69 OpenSSH 4.5 4.5 2 14 22 7
70 OpenSSH 4.4p1 4.4p1 2 12 21 6
71 OpenSSH 4.4 4.4 2 15 21 6
72 OpenSSH 4.3p2 4.3p2 2 12 22 6
73 OpenSSH 4.3p1 4.3p1 2 13 21 6
74 OpenSSH 4.3 4.3p2 Feb. 11, 2006 2 16 24 6
75 OpenSSH 4.2p1 4.2p1 2 13 22 6
76 OpenSSH 4.2 4.2 2 16 22 6
77 OpenSSH 4.1p1 4.1p1 2 13 23 6
78 OpenSSH 4.1 4.1 2 16 23 7
79 OpenSSH 4.0p1 4.0p1 2 13 23 6
80 OpenSSH 4.0 4.0 2 16 25 6
81 OpenSSH 3.9 3.9.1p1 2 16 24 7
82 OpenSSH 3.8 3.8.1p1 2 16 25 7
83 OpenSSH 3.7 3.7.1p2 2 21 25 7
84 OpenSSH 3.6 3.6.1p2 2 21 26 7
85 OpenSSH 3.5p1 3.5p1 2 17 24 7
86 OpenSSH 3.5 3.5 2 20 26 7
87 OpenSSH 3.4p1 3.4p1 2 17 24 7
88 OpenSSH 3.4 3.4 2 20 26 7
89 OpenSSH 3.3p1 3.3p1 2 18 24 7
90 OpenSSH 3.3 3.3 3 21 26 7
91 OpenSSH 3.2 3.2.3p1 3 23 26 7
92 OpenSSH 3.1p1 3.1p1 2 18 24 7
93 OpenSSH 3.1 3.1 3 22 26 7
94 OpenSSH 3.0p1 3.0p1 2 19 24 7
95 OpenSSH 3.0 3.0.2p1 4 24 27 7
96 OpenSSH 2.9p2 2.9p2 4 23 23 6
97 OpenSSH 2.9p1 2.9p1 4 23 23 6
98 OpenSSH 2.9 2.9p2 June 17, 2001 3 27 24 6
99 OpenSSH 2.5 2.5.2p2 March 22, 2001 3 27 24 6
100 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 3 27 25 6
101 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 3 29 24 6
102 OpenSSH 2.1 2.1.1p4 July 16, 2000 3 29 25 6
103 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 4 30 26 6
104 OpenSSH 1.5 1.5.8 2 23 22 6
105 OpenSSH 1.3 1.3 2 23 22 6
106 OpenSSH 1.2 1.2.3p1 March 24, 2000 2 27 28 7
107 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 2 27 28 7
108 OpenSSH - - 2 22 24 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 5.3
2.6 		MEDIUM
Network 		In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the tar… CWE-863
 Incorrect Authorization 		CVE-2018-20685 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:01
2019-01-11 		Show GitHub Exploit DB Packet Storm
22 5.3
5.0 		MEDIUM
Network 		Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states … CWE-200
Information Exposure 		CVE-2018-15919 cpe:2.3:a:openbsd:openssh:*:* 5.9 7.8 2024-11-21 12:51
2018-08-28 		Show GitHub Exploit DB Packet Storm
23 5.3
5.0 		MEDIUM
Network 		OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, re… CWE-362
Race Condition 		CVE-2018-15473 cpe:2.3:a:openbsd:openssh:*:* 7.7 2024-11-21 12:50
2018-08-18 		Show GitHub Exploit DB Packet Storm
24 7.5
5.0 		HIGH
Network 		sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat… CWE-476
 NULL Pointer Dereference 		CVE-2016-10708 cpe:2.3:a:openbsd:openssh:*:* 7.4 2024-11-21 11:44
2018-01-22 		Show GitHub Exploit DB Packet Storm
25 5.3
5.0 		MEDIUM
Network 		The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2017-15906 cpe:2.3:a:openbsd:openssh:*:* 7.6 2024-11-21 12:15
2017-10-26 		Show GitHub Exploit DB Packet Storm
26 9.8
7.5 		CRITICAL
Network 		The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to t… CWE-287
Improper Authentication 		CVE-2016-1908 cpe:2.3:a:openbsd:openssh:*:* 7.2 2024-11-21 11:47
2017-04-12 		Show GitHub Exploit DB Packet Storm
27 5.9
4.3 		MEDIUM
Network 		sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu… CWE-200
Information Exposure 		CVE-2016-6210 cpe:2.3:a:openbsd:openssh:*:p2 7.2 2024-11-21 11:55
2017-02-14 		Show GitHub Exploit DB Packet Storm
28 7.8
7.2 		HIGH
Local 		The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local use… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-10012 cpe:2.3:a:openbsd:openssh:*:* 7.3 2024-11-21 11:43
2017-01-5 		Show GitHub Exploit DB Packet Storm
29 5.5
2.1 		MEDIUM
Local 		authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging … CWE-320
 Key Management Errors 		CVE-2016-10011 cpe:2.3:a:openbsd:openssh:*:* 7.3 2024-11-21 11:43
2017-01-5 		Show GitHub Exploit DB Packet Storm
30 7.0
6.9 		HIGH
Local 		sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2016-10010 cpe:2.3:a:openbsd:openssh:*:* 7.3 2024-11-21 11:43
2017-01-5 		Show GitHub Exploit DB Packet Storm