Debian/openssh — 126 CVEs

Loading…

All known vulnerabilities

CRITICAL9.8CVE-2023-38408openssh - security update

from 0, < 1:7.9p1-10+deb10u3

CRITICAL9.8CVE-2023-38408openssh - security update

from 0, < 1:8.4p1-5+deb11u2

CRITICAL9.8CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.

from 0, < 1:9.2p1-2+deb12u2

CRITICAL9.8The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for ac…

from 0, < 1:7.2p1-1

CRITICAL9.8Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentic…

from 0, < 1:3.4

HIGH8.1OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with…

from 0, < 1:8.4p1-5+deb11u7

HIGH8.1In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line.

from 0, < 1:8.4p1-5+deb11u7

HIGH8.1In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the…

from 0, < 1:8.4p1-5+deb11u7

HIGH8.1openssh - security update

from 0, < 1:9.2p1-2+deb12u3

HIGH8.1openssh - security update

from 0, < 1:9.2p1-2+deb12u3

HIGH8.1The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when cert…

from 0, < 1:7.1p2-1

HIGH8.1The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-inter…

from 0, < 1:6.9p1-1

HIGH8.1openssh - denial of service

from 0, < 1:4.6p1-1

HIGH8.1openssh - denial of service

from 0, < 1:4.3p2-9etch3

HIGH7.8OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a cli…

from 0, < 1:8.1p1-1

HIGH7.8The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds chec…

from 0, < 1:7.4p1-1

HIGH7.8openssh - security update

from 0, < 1:6.0p1-4+deb7u4

HIGH7.8openssh - security update

from 0, < 1:7.2p2-3

HIGH7.5Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions.

from 0, < 1:8.4p1-5+deb11u6

HIGH7.5OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an Ob…

from 0, < 1:9.8p1-1

HIGH7.5The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicio…

from 0, < 1:8.3p1-1

HIGH7.5openssh - security update

from 0, < 1:6.0p1-4+deb7u7

HIGH7.5openssh - security update

from 0, < 1:7.4p1-1

HIGH7.5The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory con…

from 0, < 1:7.3p1-2

HIGH7.5openssh - security update

from 0, < 1:7.3p1-1

HIGH7.5openssh - security update

from 0, < 1:6.0p1-4+deb7u6

HIGH7.5The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login,…

from 0, < 1:6.0p1-4

HIGH7.5The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option…

from 0, < 1:5.8p1-2

HIGH7.5OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable…

from 0, < 4.7p1-9

HIGH7.4scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destina…

from 0

HIGH7.3Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PK…

from 0, < 1:7.4p1-1

HIGH7.1ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket a…

from 0, < 1:8.4p1-5

HIGH7.0openssh - security update

from 0, < 1:7.9p1-10+deb10u4

HIGH7.0openssh - security update

from 0, < 1:8.4p1-5+deb11u3

HIGH7.0sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local u…

from 0, < 1:7.4p1-1

HIGH7.0Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms mig…

from 0, < 1:6.9p1-1

MEDIUM6.8openssh - security update

from 0, < 1:9.2p1-2+deb12u5

MEDIUM6.8openssh - security update

from 0, < 1:8.4p1-5+deb11u4

MEDIUM6.8openssh - security update

from 0, < 1:8.4p1-5+deb11u4

MEDIUM6.8In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker)…

from 0

MEDIUM6.8An issue was discovered in OpenSSH 7.9.

from 0, < 1:7.9p1-6

MEDIUM6.5OpenSSH before 10.3 can use unintended ECDSA algorithms.

from 0, < 1:8.4p1-5+deb11u7

MEDIUM6.5In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is refer…

from 0, < 1:8.4p1-5+deb11u3

MEDIUM6.5OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling.

from 0, < 1:9.2p1-1

MEDIUM6.5openssh - security update

from 0, < 1:5.5p1-6+squeeze8

MEDIUM6.5openssh - security update

from 0, < 1:7.1p2-1

MEDIUM6.5openssh - security update

from 0, < 1:6.0p1-4+deb7u3

MEDIUM6.5The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHF…

from 0, < 1:6.6p1-1

MEDIUM6.5The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command…

from 0, < 1:5.6p1-1

MEDIUM6.4Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended sh…

from 0, < 1:7.2p2-1

MEDIUM6.4The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX r…

from 0, < 1:6.9p1-1

MEDIUM5.9A flaw was found in the OpenSSH package.

from 0, < 1:9.9p2-1

MEDIUM5.9erlang - security update

from 0, < 1:8.4p1-5+deb11u3

MEDIUM5.9erlang - security update

from 0, < 1:8.4p1-5+deb11u3

MEDIUM5.9The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.

from 0

MEDIUM5.9openssh - security update

from 0, < 1:7.9p1-9

MEDIUM5.9openssh - security update

from 0, < 1:7.4p1-10+deb9u6

MEDIUM5.9openssh - security update

from 0, < 1:7.2p2-6

MEDIUM5.9openssh - security update

from 0, < 1:6.7p1-5+deb8u3

MEDIUM5.9openssh - security update

from 0, < 1:6.0p1-4+deb7u5

MEDIUM5.5In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied.

from 0, < 1:9.2p1-2+deb12u2

MEDIUM5.5authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local user…

from 0, < 1:7.4p1-1

MEDIUM5.3OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH…

from 0