Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Openssh Number Of NVD 113 CRITICAL 5 HIGH 44 MEDIUM 53 LOW 11
URL https://www.openssh.com/
Explanation It is an SSH implementation developed by the OpenBSD project and used on many Unix and Linux systems.
It can also be used on Windows, as the OpenSSH client can be easily installed.
Tag
  • BSD License
  • オープンソース
Add Information URL
No Type Name URL
1 https://anongit.mindrot.org/openssh
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
41 OpenSSH 9 9.9p2 Feb. 18, 2025 April 8, 2022 2 2 5 0
42 OpenSSH 8 8.9 Feb. 23, 2022 April 17, 2019 2 7 6 1
43 OpenSSH 7 OpenSSH 7.9 Oct. 19, 2018 Aug. 11, 2015 2 12 17 1
44 OpenSSH 6 OpenSSH 6.9 July 1, 2015 April 22, 2012 2 14 23 2
45 OpenSSH 5 OpenSSH 5.9 Sept. 6, 2011 April 3, 2008 2 12 22 6
46 OpenSSH 4 OpenSSH 4.9 March 31, 2008 March 9, 2005 2 18 30 9
47 OpenSSH 3 OpenSSH 3.9 Aug. 18, 2004 Nov. 6, 2001 4 28 30 7
48 OpenSSH 8.4 8.4 1 3 5 1
49 OpenSSH 8.3 8.3 1 4 5 1
50 OpenSSH 8.2 8.2 1 5 5 1
51 OpenSSH 8.1 8.1 1 3 5 1
52 OpenSSH 8.0 8.0 1 4 5 1
53 OpenSSH 7.9 7.9 1 4 9 1
54 OpenSSH 7.8 7.8 1 4 10 1
55 OpenSSH 7.7 7.7 1 4 11 1
56 OpenSSH 7.6 7.6 1 3 11 1
57 OpenSSH 7.5 7.5 1 3 12 1
58 OpenSSH 7.4 7.4 1 3 12 1
59 OpenSSH 7.3 7.3 1 8 13 1
60 OpenSSH 7.2 7.2p2 March 10, 2016 1 10 15 1
61 OpenSSH 7.1 7.1p2 Jan. 14, 2016 2 11 17 1
62 OpenSSH 7.0 7.0 2 11 17 1
63 OpenSSH 6.9 6.9 2 13 18 2
64 OpenSSH 6.8 6.8 2 13 19 2
65 OpenSSH 6.7 6.7 2 11 17 2
66 OpenSSH 6.6 6.6 2 11 18 2
67 OpenSSH 6.5 6.5 2 11 19 2
68 OpenSSH 6.4 6.4 2 12 19 2
69 OpenSSH 6.3 6.3 2 12 20 2
70 OpenSSH 6.2 6.2p2 May 16, 2013 2 12 20 2
71 OpenSSH 6.1 6.1 2 11 20 2
72 OpenSSH 6.0 6.0 2 11 20 2
73 OpenSSH 5.9 5.9 2 11 20 2
74 OpenSSH 5.8p2 5.8p2 2 10 19 2
75 OpenSSH 5.8 5.8p2 May 3, 2011 2 11 20 4
76 OpenSSH 5.7 5.7 2 11 21 4
77 OpenSSH 5.6 5.6 2 12 20 5
78 OpenSSH 5.5 5.5 2 12 19 5
79 OpenSSH 5.4 5.4 2 12 19 5
80 OpenSSH 5.3 5.3 2 11 19 5
81 OpenSSH 5.2 5.2 2 11 19 5
82 OpenSSH 5.1 5.1 2 11 19 5
83 OpenSSH 5.0 5.0 2 11 19 6
84 OpenSSH 4.9 4.9 2 11 19 6
85 OpenSSH 4.8 4.8 2 11 21 6
86 OpenSSH 4.7p1 4.7p1 2 11 18 7
87 OpenSSH 4.7 4.7 2 11 20 7
88 OpenSSH 4.6 4.6 2 12 21 6
89 OpenSSH 4.5 4.5 2 14 22 7
90 OpenSSH 4.4p1 4.4p1 2 12 21 6
91 OpenSSH 4.4 4.4 2 15 21 6
92 OpenSSH 4.3p2 4.3p2 2 12 22 6
93 OpenSSH 4.3p1 4.3p1 2 13 21 6
94 OpenSSH 4.3 4.3p2 Feb. 11, 2006 2 16 24 6
95 OpenSSH 4.2p1 4.2p1 2 13 22 6
96 OpenSSH 4.2 4.2 2 16 22 6
97 OpenSSH 4.1p1 4.1p1 2 13 23 6
98 OpenSSH 4.1 4.1 2 16 23 7
99 OpenSSH 4.0p1 4.0p1 2 13 23 6
100 OpenSSH 4.0 4.0 2 16 25 6
101 OpenSSH 3.9 3.9.1p1 2 16 24 7
102 OpenSSH 3.8 3.8.1p1 2 16 25 7
103 OpenSSH 3.7 3.7.1p2 2 21 25 7
104 OpenSSH 3.6 3.6.1p2 2 21 26 7
105 OpenSSH 3.5p1 3.5p1 2 17 24 7
106 OpenSSH 3.5 3.5 2 20 26 7
107 OpenSSH 3.4p1 3.4p1 2 17 24 7
108 OpenSSH 3.4 3.4 2 20 26 7
109 OpenSSH 3.3p1 3.3p1 2 18 24 7
110 OpenSSH 3.3 3.3 3 21 26 7
111 OpenSSH 3.2 3.2.3p1 3 23 26 7
112 OpenSSH 3.1p1 3.1p1 2 18 24 7
113 OpenSSH 3.1 3.1 3 22 26 7
114 OpenSSH 3.0p1 3.0p1 2 19 24 7
115 OpenSSH 3.0 3.0.2p1 4 24 27 7
116 OpenSSH 2.9p2 2.9p2 4 23 23 6
117 OpenSSH 2.9p1 2.9p1 4 23 23 6
118 OpenSSH 2.9 2.9p2 June 17, 2001 3 27 24 6
119 OpenSSH 2.5 2.5.2p2 March 22, 2001 3 27 24 6
120 OpenSSH 2.3 2.3.0p1 Nov. 6, 2000 3 27 25 6
121 OpenSSH 2.2 2.2.0p1 Sept. 1, 2000 3 29 24 6
122 OpenSSH 2.1 2.1.1p4 July 16, 2000 3 29 25 6
123 OpenSSH 2 OpenSSH 2.9.9 Sept. 25, 2001 4 30 26 6
124 OpenSSH 1.5 1.5.8 2 23 22 6
125 OpenSSH 1.3 1.3 2 23 22 6
126 OpenSSH 1.2 1.2.3p1 March 24, 2000 2 27 28 7
127 OpenSSH 1 OpenSSH 1.2.3p1 March 24, 2000 2 27 28 7
128 OpenSSH - - 2 22 24 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
41 -
1.9 		LOW The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation a… CWE-20
 Improper Input Validation  		CVE-2015-6563 cpe:2.3:a:openbsd:openssh:*:* 6.9 2024-11-21 11:35
2015-08-24 		Show GitHub Exploit DB Packet Storm
42 -
8.5 		HIGH The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it ea… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2015-5600 cpe:2.3:a:openbsd:openssh:*:* 6.9 2024-11-21 11:33
2015-08-3 		Show GitHub Exploit DB Packet Storm
43 -
4.3 		MEDIUM The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for re… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2015-5352 cpe:2.3:a:openbsd:openssh:*:* 6.8 2024-11-21 11:32
2015-08-3 		Show GitHub Exploit DB Packet Storm
44 -
4.0 		MEDIUM The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in th… CWE-287
Improper Authentication 		CVE-2014-9278 cpe:2.3:a:openbsd:openssh:-:* 2024-11-21 11:20
2014-12-7 		Show GitHub Exploit DB Packet Storm
45 -
5.8 		MEDIUM The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertific… CWE-20
 Improper Input Validation  		CVE-2014-2653 cpe:2.3:a:openbsd:openssh:6.5:*
cpe:2.3:a:openbsd:openssh:6.4:*
cpe:2.3:a:openbsd:openssh:6.3:*
cpe:2.3:a:open… 		6.6 2024-11-21 11:06
2014-03-27 		Show GitHub Exploit DB Packet Storm
46 4.9
5.8 		MEDIUM
Network 		sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring locate… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-2532 cpe:2.3:a:openbsd:openssh:6.4:*
cpe:2.3:a:openbsd:openssh:6.3:*
cpe:2.3:a:openbsd:openssh:6.2:*
cpe:2.3:a:open… 		6.5 2024-11-21 11:06
2014-03-18 		Show GitHub Exploit DB Packet Storm
47 -
2.1 		LOW ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information … CWE-200
Information Exposure 		CVE-2011-4327 cpe:2.3:a:openbsd:openssh:5.7:*
cpe:2.3:a:openbsd:openssh:5.6:*
cpe:2.3:a:openbsd:openssh:5.5:*
cpe:2.3:a:open… 		5.8 2024-11-21 10:32
2014-02-3 		Show GitHub Exploit DB Packet Storm
48 -
7.5 		HIGH The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attack… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2014-1692 cpe:2.3:a:openbsd:openssh:*:* 6.4 2024-11-21 11:04
2014-01-30 		Show GitHub Exploit DB Packet Storm
49 -
6.0 		MEDIUM The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2013-4548 cpe:2.3:a:openbsd:openssh:6.3:*
cpe:2.3:a:openbsd:openssh:6.2:* 		2024-11-21 10:55
2013-11-9 		Show GitHub Exploit DB Packet Storm
50 -
5.0 		MEDIUM The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial… NVD-CWE-Other
CVE-2010-5107 cpe:2.3:a:openbsd:openssh:6.0:*
cpe:2.3:a:openbsd:openssh:5.9:*
cpe:2.3:a:openbsd:openssh:5.8p2:*
cpe:2.3:a:op… 		6.1 2024-11-21 10:22
2013-03-8 		Show GitHub Exploit DB Packet Storm