cvebase

OpenBSD OpenSSH vulnerabilities

125 known vulnerabilities affecting openbsd/openssh.

Total CVEs: 125
CISA KEV: 0
Public exploits: 24
Exploited in wild: 10
Severity breakdown: CRITICAL 12, HIGH 46, MEDIUM 54, LOW 13

Vulnerabilities

Page 1 of 7
CVE-2024-6387 | P1 | HIGH | CVSS 8.1 | Exploited | PoC | fixed in 4.4 | ≥ 8.6, ≤ 9.8 | +3 more | 2024-07-01
CVE-2024-6387 [HIGH] CWE-364: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Sources: nvd, osv
CVE-2023-38408 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in 9.3 | v9.3 | 2023-07-20
CVE-2023-38408 [CRITICAL]: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Sources: nvd, osv
CVE-2023-48795 | P1 | MEDIUM | CVSS 5.9 | Exploited | PoC | fixed in 9.6 | 2023-12-18
CVE-2023-48795 [MEDIUM] CWE-354: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
Sources: nvd, osv
CVE-2019-6111 | P1 | MEDIUM | CVSS 5.9 | Exploited | PoC | Ransomware | ≤ 7.9 | 2019-01-31
CVE-2019-6111 [MEDIUM] CWE-22: An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker
Sources: nvd, osv
CVE-2019-6110 | P1 | MEDIUM | CVSS 6.8 | Exploited | PoC | Ransomware | ≤ 7.9 | 2019-01-31
CVE-2019-6110 [MEDIUM] CWE-838: In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Sources: nvd
CVE-2018-20685 | P1 | MEDIUM | CVSS 5.3 | Exploited | Ransomware | ≤ 7.9 | 2019-01-10
CVE-2018-20685 [MEDIUM] CWE-863: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Sources: nvd, osv
CVE-2019-6109 | P1 | MEDIUM | CVSS 6.8 | Exploited | Ransomware | ≤ 7.9 | 2019-01-31
CVE-2019-6109 [MEDIUM] CWE-116: An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Sources: nvd, osv
CVE-2023-25136 | P2 | MEDIUM | CVSS 6.5 | Exploited | v9.1 | 2023-02-03
CVE-2023-25136 [MEDIUM] CWE-415: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoret
Sources: nvd, osv
CVE-2007-4752 | P2 | HIGH | CVSS 7.5 | Exploited | ≤ 4.6 | v4.0 | +11 more | 2007-09-12
CVE-2007-4752 [HIGH] CWE-20: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Sources: nvd, osv
CVE-2004-1653 | P2 | MEDIUM | CVSS 6.4 | Exploited | ≤ 3.9 | 2004-08-31
CVE-2004-1653 [MEDIUM]: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
Sources: nvd
CVE-2016-6210 | P2 | MEDIUM | CVSS 5.9 | PoC | ≤ 7.2 | 2017-02-13
CVE-2016-6210 [MEDIUM] CWE-200: sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Sources: nvd, osv
CVE-2018-15473 | P2 | MEDIUM | CVSS 5.3 | PoC | ≤ 7.7 | 2018-08-17
CVE-2018-15473 [MEDIUM] CWE-362: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Sources: nvd, osv
CVE-2016-6515 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.2 | 2016-08-07
CVE-2016-6515 [HIGH] CWE-20: The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Sources: nvd, osv
CVE-2016-10009 | P2 | HIGH | CVSS 7.3 | PoC | ≤ 7.3 | 2017-01-05
CVE-2016-10009 [HIGH] CWE-426: Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Sources: nvd, osv
CVE-2008-0166 | P2 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 4.7p1-9 | 2008-05-13
CVE-2008-0166 [HIGH]: OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Sources: osv
CVE-2002-0640 | P3 | CRITICAL | CVSS 10.0 | PoC | v1.2.2 | v1.2.3 | +24 more | 2002-07-03
CVE-2002-0640 [CRITICAL]: Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
Sources: nvd, osv
CVE-2016-3115 | P3 | MEDIUM | CVSS 6.4 | PoC | ≤ 7.2 | 2016-03-22
CVE-2016-3115 [MEDIUM] CWE-93: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
Sources: nvd, osv
CVE-2001-0144 | P3 | CRITICAL | CVSS 10.0 | PoC | v1.2.2 | v1.2.3 | +3 more | 2001-03-12
CVE-2001-0144 [CRITICAL]: CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
Sources: nvd
CVE-2002-0083 | P3 | CRITICAL | CVSS 9.8 | PoC | ≥ 2.0, < 3.1 | 2002-03-15
CVE-2002-0083 [CRITICAL] CWE-193: Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
Sources: nvd
CVE-2006-4924 | P3 | HIGH | CVSS 7.8 | PoC | v1.2 | v1.2.1 | +54 more | 2006-09-27
CVE-2006-4924 [HIGH] CWE-399: sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Sources: nvd, osv