cvebase

OpenBSD OpenSSH vulnerabilities

125 known vulnerabilities affecting openbsd/openssh.

Total CVEs: 125
CISA KEV: 0
Public exploits: 24
Exploited in wild: 10
Severity breakdown: CRITICAL 12, HIGH 46, MEDIUM 54, LOW 13

Vulnerabilities

Page 6 of 7
CVE-2009-2904 | P4 | MEDIUM | CVSS 6.9 | v4.3, v4.8 | 2009-10-01
CVE-2009-2904 [MEDIUM] CWE-16: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
nvd
CVE-2007-4654 | P4 | MEDIUM | CVSS 5.0 | v3.0.2p1 | 2007-09-04
CVE-2007-4654 [MEDIUM]: Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibl
nvd
CVE-2008-2285 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 1:4.7p1-10 | 2008-05-18
CVE-2008-2285 [HIGH]: The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
osv
CVE-2021-36368 | P4 | LOW | CVSS 3.7 | fixed in 8.9 | 2022-03-13
CVE-2021-36368 [LOW] CWE-287: An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to
nvd, osv
CVE-2007-3102 | P4 | MEDIUM | CVSS 4.3 | v4.3p2 | 2007-10-18
CVE-2007-3102 [MEDIUM]: Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
nvd
CVE-2007-2243 | P4 | MEDIUM | CVSS 5.0 | v1.2, v1.2.1, +60 more | 2007-04-25
CVE-2007-2243 [MEDIUM] CWE-287: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
nvd
CVE-2011-4327 | P4 | MEDIUM | CVSS 5.5 | ≤ 5.8, v1.2, +78 more | 2014-02-03
CVE-2011-4327 [MEDIUM] CWE-200: ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
nvd
CVE-2004-0175 | P4 | MEDIUM | CVSS 4.3 | v3.0, v3.0.1, +13 more | 2004-08-18
CVE-2004-0175 [MEDIUM]: Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
nvd, osv
CVE-2010-4755 | P4 | MEDIUM | CVSS 4.0 | ≤ 5.8, v1.2, +78 more | 2011-03-02
CVE-2010-4755 [MEDIUM]: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrate
nvd
CVE-2004-2069 | P4 | MEDIUM | CVSS 5.0 | v3.6.1p2, v3.7.1p2 | 2004-12-31
CVE-2004-2069 [MEDIUM]: sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
nvd, osv
CVE-2005-2798 | P4 | MEDIUM | CVSS 5.0 | v3.0, v3.0.1, +30 more | 2005-09-06
CVE-2005-2798 [MEDIUM]: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
nvd, osv
CVE-2005-2797 | P4 | MEDIUM | CVSS 5.0 | v4.0 | 2005-09-06
CVE-2005-2797 [MEDIUM]: OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
nvd, osv
CVE-2001-0529 | P4 | HIGH | CVSS 7.2 | ≤ 2.9 | 2001-08-14
CVE-2001-0529 [HIGH]: OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
nvd
CVE-2025-61984 | P4 | LOW | CVSS 3.6 | fixed in 10.1 | 2025-10-06
CVE-2025-61984 [LOW] CWE-159: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not c
nvd, osv
CVE-2008-1483 | P4 | MEDIUM | CVSS 6.9 | v4.3p2 | 2008-03-24
CVE-2008-1483 [MEDIUM] CWE-264: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
nvd, osv
CVE-2025-32728 | P4 | LOW | CVSS 3.8 | ≥ 7.4, < 10.0 | 2025-04-10
CVE-2025-32728 [LOW] CWE-440: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
nvd, osv
CVE-2025-61985 | P4 | LOW | CVSS 3.6 | fixed in 10.1 | 2025-10-06
CVE-2025-61985 [LOW] CWE-158: ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
nvd, osv
CVE-2000-0217 | P4 | MEDIUM | CVSS 5.1 | v1.2 | 2000-02-24
CVE-2000-0217 [MEDIUM]: The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
nvd
CVE-2011-5000 | P4 | LOW | CVSS 3.5 | ≤ 5.8, v1.2, +64 more | 2012-04-05
CVE-2011-5000 [LOW] CWE-189: The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
nvd, osv
CVE-2001-0361 | P4 | MEDIUM | CVSS 4.0 | v1.2.3, v2.1, +1 more | 2001-06-27
CVE-2001-0361 [MEDIUM] CWE-310: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
nvd