Page 11 of 89 results (0.007 seconds)

CVSS: 7.8EPSS: 93%CPEs: 56EXPL: 2

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensación CRC. • https://www.exploit-db.com/exploits/2444 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability http://bugs.gentoo.org/show_bug.cgi?id=148228 http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 0

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc http://bugzilla.mindrot.org/show_bug.cgi?id=839 http://securityreason.com/securityalert/520 http://securitytracker.com/id?1015706 http://www.osvdb.org/23797 http://www.securityfocus.com/bid/16892 http://www.vupen.com/english/advisories/2006/0805 https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 • CWE-399: Resource Management Errors •

CVSS: 4.6EPSS: 0%CPEs: 33EXPL: 0

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. scp en OpenSSH 4.2p1 permite a atacantes ejecutar órdenes de su elección mediante nombres de ficheros que contienen metacaractéres o espacios, que son expandidos dos veces. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://secunia.com/advisories/18579 http://secunia.com/advisories/18595 http: •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://marc.info/?l=bugtraq&m=112605977304049&w=2 http://secunia.com/advisories/16686 http://secunia.com/advisories/18010 http://secunia.com/advisories/18661 http://secunia.com/advisories/19243 http://securitytracker.com/id?1014845 http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm http://www.mindrot.org/pipermai •

CVSS: 5.0EPSS: 1%CPEs: 32EXPL: 0

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://secunia.com/advisories/16686 http://secunia.com/advisories/17077 http://secunia.com/advisories/17245 http://secunia.com/advisories/18010 http://secunia.com/advisories/18406 http://secunia.com/advisories/18507 http://secunia.com/advisories/18661 http://secunia.com/advisories/18717 http://securitytracker.com/id?1014845 http:&# •