|
51
|
-
6.9
|
MEDIUM
|
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging contro…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6564
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
6.9
|
|
|
2024-11-21 11:35
2015-08-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
-
1.9
|
LOW
|
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation a…
|
CWE-20
Improper Input Validation
|
CVE-2015-6563
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
6.9
|
|
|
2024-11-21 11:35
2015-08-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
-
8.5
|
HIGH
|
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it ea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5600
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
6.9
|
|
|
2024-11-21 11:33
2015-08-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
-
4.3
|
MEDIUM
|
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5352
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
6.8
|
|
|
2024-11-21 11:32
2015-08-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
-
4.0
|
MEDIUM
|
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in th…
|
CWE-287
Improper Authentication
|
CVE-2014-9278
|
cpe:2.3:a:openbsd:openssh:-:*
|
|
|
|
|
2024-11-21 11:20
2014-12-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
-
5.8
|
MEDIUM
|
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertific…
|
CWE-20
Improper Input Validation
|
CVE-2014-2653
|
cpe:2.3:a:openbsd:openssh:6.5:* cpe:2.3:a:openbsd:openssh:6.4:* cpe:2.3:a:openbsd:openssh:6.3:* cpe:2.3:a:open…
|
|
6.6
|
|
|
2024-11-21 11:06
2014-03-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
4.9
5.8
|
MEDIUM
Network
|
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring locate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2532
|
cpe:2.3:a:openbsd:openssh:6.4:* cpe:2.3:a:openbsd:openssh:6.3:* cpe:2.3:a:openbsd:openssh:6.2:* cpe:2.3:a:open…
|
|
6.5
|
|
|
2024-11-21 11:06
2014-03-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
-
2.1
|
LOW
|
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information …
|
CWE-200
Information Exposure
|
CVE-2011-4327
|
cpe:2.3:a:openbsd:openssh:5.7:* cpe:2.3:a:openbsd:openssh:5.6:* cpe:2.3:a:openbsd:openssh:5.5:* cpe:2.3:a:open…
|
|
5.8
|
|
|
2024-11-21 10:32
2014-02-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
-
7.5
|
HIGH
|
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attack…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1692
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
6.4
|
|
|
2024-11-21 11:04
2014-01-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
-
6.0
|
MEDIUM
|
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4548
|
cpe:2.3:a:openbsd:openssh:6.3:* cpe:2.3:a:openbsd:openssh:6.2:*
|
|
|
|
|
2024-11-21 10:55
2013-11-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|