Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 124 CRITICAL 6 HIGH 46 MEDIUM 60 LOW 12
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース

Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
31 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 3 4 10 0
32 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 3 9 11 1
33 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 3 14 22 1
34 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 3 16 28 2
35 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 3 14 27 6
36 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 3 20 35 9
37 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 5 30 35 7
38 OpenSSH 8.4 8.4 2 5 10 1
39 OpenSSH 8.3 8.3 2 6 10 1
40 OpenSSH 8.2 8.2 2 7 10 1
41 OpenSSH 8.1 8.1 2 5 10 1
42 OpenSSH 8.0 8.0 2 6 10 1
43 OpenSSH 7.9 7.9 2 6 14 1
44 OpenSSH 7.8 7.8 2 6 15 1
45 OpenSSH 7.7 7.7 2 6 16 1
46 OpenSSH 7.6 7.6 2 5 16 1
47 OpenSSH 7.5 7.5 2 5 17 1
48 OpenSSH 7.4 7.4 2 5 17 1
49 OpenSSH 7.3 7.3 2 10 18 1
50 OpenSSH 7.2 7.2p2 March 10, 2016 2 12 20 1
51 OpenSSH 7.1 7.1p2 Jan. 14, 2016 3 13 22 1
52 OpenSSH 7.0 7.0 3 13 22 1
53 OpenSSH 6.9 6.9 3 15 23 2
54 OpenSSH 6.8 6.8 3 15 24 2
55 OpenSSH 6.7 6.7 3 13 22 2
56 OpenSSH 6.6 6.6 3 13 23 2
57 OpenSSH 6.5 6.5 3 13 24 2
58 OpenSSH 6.4 6.4 3 14 24 2
59 OpenSSH 6.3 6.3 3 14 25 2
60 OpenSSH 6.2 6.2p2 May 16, 2013 3 14 25 2
61 OpenSSH 6.1 6.1 3 13 25 2
62 OpenSSH 6.0 6.0 3 13 25 2
63 OpenSSH 5.9 5.9 3 13 25 2
64 OpenSSH 5.8p2 5.8p2 3 12 24 2
65 OpenSSH 5.8 5.8p2 May 3, 2011 3 13 25 4
66 OpenSSH 5.7 5.7 3 13 26 4
67 OpenSSH 5.6 5.6 3 14 25 5
68 OpenSSH 5.5 5.5 3 14 24 5
69 OpenSSH 5.4 5.4 3 14 24 5
70 OpenSSH 5.3 5.3 3 13 24 5
71 OpenSSH 5.2 5.2 3 13 24 5
72 OpenSSH 5.1 5.1 3 13 24 5
73 OpenSSH 5.0 5.0 3 13 24 6
74 OpenSSH 4.9 4.9 3 13 24 6
75 OpenSSH 4.8 4.8 3 13 26 6
76 OpenSSH 4.7p1 4.7p1 3 13 23 7
77 OpenSSH 4.7 4.7 3 13 25 7
78 OpenSSH 4.6 4.6 3 14 26 6
79 OpenSSH 4.5 4.5 3 16 27 7
80 OpenSSH 4.4p1 4.4p1 3 14 26 6
81 OpenSSH 4.4 4.4 3 17 26 6
82 OpenSSH 4.3p2 4.3p2 3 14 27 6
83 OpenSSH 4.3p1 4.3p1 3 15 26 6
84 OpenSSH 4.3 4.3p2 Feb. 11, 2006 3 18 29 6
85 OpenSSH 4.2p1 4.2p1 3 15 27 6
86 OpenSSH 4.2 4.2 3 18 27 6
87 OpenSSH 4.1p1 4.1p1 3 15 28 6
88 OpenSSH 4.1 4.1 3 18 28 7
89 OpenSSH 4.0p1 4.0p1 3 15 28 6
90 OpenSSH 4.0 4.0 3 18 30 6
91 OpenSSH 3.9 3.9.1p1 3 18 29 7
92 OpenSSH 3.8 3.8.1p1 3 18 30 7
93 OpenSSH 3.7 3.7.1p2 3 23 30 7
94 OpenSSH 3.6 3.6.1p2 3 23 31 7
95 OpenSSH 3.5p1 3.5p1 3 19 29 7
96 OpenSSH 3.5 3.5 3 22 31 7
97 OpenSSH 3.4p1 3.4p1 3 19 29 7
98 OpenSSH 3.4 3.4 3 22 31 7
99 OpenSSH 3.3p1 3.3p1 3 20 29 7
100 OpenSSH 3.3 3.3 4 23 31 7
101 OpenSSH 3.2 3.2.3p1 4 25 31 7
102 OpenSSH 3.1p1 3.1p1 3 20 29 7
103 OpenSSH 3.1 3.1 4 24 31 7
104 OpenSSH 3.0p1 3.0p1 3 21 29 7
105 OpenSSH 3.0 3.0.2p1 5 26 32 7
106 OpenSSH 2.9p2 2.9p2 5 25 28 6
107 OpenSSH 2.9p1 2.9p1 5 25 28 6
108 OpenSSH 2.9 2.9p2 June 17, 2001 4 29 29 6
109 OpenSSH 2.5 2.5.2p2 March 22, 2001 4 29 29 6
110 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 4 29 30 6
111 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 4 31 29 6
112 OpenSSH 2.1 2.1.1p4 July 16, 2000 4 31 30 6
113 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 5 32 31 6
114 OpenSSH 1.5 1.5.8 3 25 27 6
115 OpenSSH 1.3 1.3 3 25 27 6
116 OpenSSH 1.2 1.2.3p1 March 24, 2000 3 29 33 7
117 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 3 29 33 7
118 OpenSSH - - 3 24 31 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
31 6.8
4.0
MEDIUM
Network
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the… CWE-116
 Improper Encoding or Escaping of Output
CVE-2019-6109 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:45
2019-02-1
Show GitHub Exploit DB Packet Storm
32 5.3
2.6
MEDIUM
Network
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the tar… CWE-863
 Incorrect Authorization
CVE-2018-20685 cpe:2.3:a:openbsd:openssh:*:* 7.9 2024-11-21 13:01
2019-01-11
Show GitHub Exploit DB Packet Storm
33 5.3
5.0
MEDIUM
Network
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states … CWE-200
Information Exposure
CVE-2018-15919 cpe:2.3:a:openbsd:openssh:*:* 5.9 7.8 2024-11-21 12:51
2018-08-28
Show GitHub Exploit DB Packet Storm
34 5.3
5.0
MEDIUM
Network
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, re… CWE-362
Race Condition
CVE-2018-15473 cpe:2.3:a:openbsd:openssh:*:* 7.7 2024-11-21 12:50
2018-08-18
Show GitHub Exploit DB Packet Storm
35 7.5
5.0
HIGH
Network
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat… CWE-476
 NULL Pointer Dereference
CVE-2016-10708 cpe:2.3:a:openbsd:openssh:*:* 7.4 2024-11-21 11:44
2018-01-22
Show GitHub Exploit DB Packet Storm
36 5.3
5.0
MEDIUM
Network
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2017-15906 cpe:2.3:a:openbsd:openssh:*:* 7.6 2024-11-21 12:15
2017-10-26
Show GitHub Exploit DB Packet Storm
37 9.8
7.5
CRITICAL
Network
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to t… CWE-287
Improper Authentication
CVE-2016-1908 cpe:2.3:a:openbsd:openssh:*:* 7.2 2024-11-21 11:47
2017-04-12
Show GitHub Exploit DB Packet Storm
38 5.9
4.3
MEDIUM
Network
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu… CWE-200
Information Exposure
CVE-2016-6210 cpe:2.3:a:openbsd:openssh:*:p2 7.2 2024-11-21 11:55
2017-02-14
Show GitHub Exploit DB Packet Storm
39 7.8
7.2
HIGH
Local
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local use… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2016-10012 cpe:2.3:a:openbsd:openssh:*:* 7.3 2024-11-21 11:43
2017-01-5
Show GitHub Exploit DB Packet Storm
40 5.5
2.1
MEDIUM
Local
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging … CWE-320
 Key Management Errors
CVE-2016-10011 cpe:2.3:a:openbsd:openssh:*:* 7.3 2024-11-21 11:43
2017-01-5
Show GitHub Exploit DB Packet Storm