CVSS: 9.8EPSS: 2%CPEs: 25EXPL: 0CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
22 Mar 2016 — The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío... • http://openwall.com/lists/oss-security/2016/01/15/13 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 2CVE-2016-3115 – OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
https://notcve.org/view.php?id=CVE-2016-3115
14 Mar 2016 — Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de dat... • https://packetstorm.news/files/id/136234 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1907 – HP Security Bulletin HPSBMU03691 1
https://notcve.org/view.php?id=CVE-2016-1907
19 Jan 2016 — The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. La función ssh_packet_read_poll2 en packet.c en OpenSSH en versiones anteriores a 7.1p2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de tráfico de red manipulado. Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 67%CPEs: 58EXPL: 0CVE-2016-0777 – OpenSSH: Client Information leak due to use of roaming connection feature
https://notcve.org/view.php?id=CVE-2016-0777
14 Jan 2016 — The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. La función resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener información sensible desde la memoria de proceso mediante la petición de transmisión de un bu... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 8.1EPSS: 1%CPEs: 44EXPL: 1CVE-2016-0778 – OpenSSH: Client buffer-overflow when using roaming connections
https://notcve.org/view.php?id=CVE-2016-0778
14 Jan 2016 — The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 2CVE-2015-5334 – Apple Security Advisory 2018-10-30-9
https://notcve.org/view.php?id=CVE-2015-5334
18 Oct 2015 — Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. Un error por un paso en la función OBJ_obj2txt en LibreSSL versiones anteriores a 2.3.1, permite a atacantes remotos causar una denegación de servicio (bloqueo del programa) o posi... • http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 1CVE-2015-5333 – Apple Security Advisory 2018-10-30-9
https://notcve.org/view.php?id=CVE-2015-5333
18 Oct 2015 — Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. Una pérdida de memoria en la función OBJ_obj2txt en LibreSSL versiones anteriores a 2.3.1 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) por medio de un gran número de identificadores de objetos ASN.1 en los certificados X.509. OS X El Capitan 10.11.4 and Security Up... • http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6563 – openssh: Privilege separation weakness related to PAM support
https://notcve.org/view.php?id=CVE-2015-6563
24 Aug 2015 — The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Vulnerabilidad en el componente monitor en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, acepta datos de nombre de... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2015-6565 – OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-6565
24 Aug 2015 — sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. El fichero sshd en OpenSSH 6.8 and 6.9 fija permisos de lectura para cualquier usuario en dispositivos TTY, lo que posibilita a usuarios locales provocar denegación de servicio (desorganización de terminales) o tener un impacto inesperado al escr... • https://packetstorm.news/files/id/140757 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6564 – openssh: Use-after-free bug related to PAM support
https://notcve.org/view.php?id=CVE-2015-6564
24 Aug 2015 — Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Vulnerabilidad de uso después de la liberación de la memoria en la función mm_answer_pam_free_ctx en monitor.c en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, podría permitir a usuarios locales obtener p... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •