CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
22 Mar 2016 — The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío... • http://openwall.com/lists/oss-security/2016/01/15/13 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 2%CPEs: 58EXPL: 0CVE-2016-0777 – OpenSSH: Client Information leak due to use of roaming connection feature
https://notcve.org/view.php?id=CVE-2016-0777
14 Jan 2016 — The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. La función resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener información sensible desde la memoria de proceso mediante la petición de transmisión de un bu... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 8.1EPSS: 0%CPEs: 44EXPL: 1CVE-2016-0778 – OpenSSH: Client buffer-overflow when using roaming connections
https://notcve.org/view.php?id=CVE-2016-0778
14 Jan 2016 — The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9278 – openssh: ~/.k5users unexpectedly grants remote login
https://notcve.org/view.php?id=CVE-2014-9278
06 Dec 2014 — The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesión como otro usuario cuando est... • http://rhn.redhat.com/errata/RHSA-2015-0425.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
16 May 2011 — Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamie... • https://www.exploit-db.com/exploits/35738 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1013 – kernel: drm_modeset_ctl signedness issue
https://notcve.org/view.php?id=CVE-2011-1013
09 May 2011 — Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. Error de enteros sin signo en F... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1922756124ddd53846877416d92ba4a802bc658f • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2904 – openssh: possible privilege escalation when using ChrootDirectory setting
https://notcve.org/view.php?id=CVE-2009-2904
01 Oct 2009 — A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. Ciertas modificaciones Ret Hat en ChrootDirectory feature en OpenSSH v4.8, como el usado en sshd en OpenSSH v4.3 en Red Hat Enterprise Linux (RHEL) v5.4 y Fedora v11, per... • http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html • CWE-16: Configuration •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3831 – kernel: i915 kernel drm driver arbitrary ioremap
https://notcve.org/view.php?id=CVE-2008-3831
20 Oct 2008 — The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. El driver i915 en (1) drivers/char/drm/i915_dma.c en el kernel v2.6.24 de Linux en De... • http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 7.5EPSS: 7%CPEs: 133EXPL: 1CVE-2008-4109
https://notcve.org/view.php?id=CVE-2008-4109
17 Sep 2008 — A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. Cierto parche de Debian para OpenSSH en versiones anteriores a 4.3p2-9etch3 en etch, y versiones an... • https://github.com/bigb0x/CVE-2024-6387 • CWE-264: Permissions, Privileges, and Access Controls •