| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2024-6387 | AVG-2855 | High | Yes | Authentication bypass | A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default,... |
| CVE-2023-25136 | AVG-2832 | Unknown | Yes | Unknown | Pre-authentication double-free in the unprivileged sandboxed client process when the connecting client's banner causes SSH_OLD_DHGEX to be set on the server |
| CVE-2021-41617 | AVG-2422 | Medium | Yes | Privilege escalation | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are... |
| CVE-2021-28041 | AVG-1657 | Medium | Yes | Arbitrary code execution | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy... |
| CVE-2019-6111 | AVG-951 | Medium | Yes | Arbitrary file overwrite | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to... |
| CVE-2019-6109 | AVG-951 | Low | Yes | Content spoofing | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can... |
| CVE-2018-20685 | AVG-951 | High | Yes | Insufficient validation | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. |
| CVE-2018-15473 | AVG-763 | Medium | Yes | Information disclosure | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet... |
| CVE-2016-20012 | AVG-2392 | Low | Yes | Information disclosure | OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test... |
| CVE-2016-10012 | AVG-110 | Low | Yes | Insufficient validation | It was found that the shared memory manager used by pre-authentication compression support had a bounds check that could be elided by some optimizing... |
| CVE-2016-10011 | AVG-110 | Low | No | Information disclosure | It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such... |
| CVE-2016-10010 | AVG-110 | Medium | No | Privilege escalation | It was found that when privilege separation was disabled in OpenSSH, forwarded Unix-domain sockets would be created by sshd with root privileges instead of... |
| CVE-2016-10009 | AVG-110 | Medium | No | Arbitrary code execution | It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a... |