CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2016-7406 – DiCal-RED 4009 Outdated Third Party Components
https://notcve.org/view.php?id=CVE-2016-7406
21 Feb 2017 — Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. Vulnerabilidad de formato de cadena en Dropbear SSH en versiones anteriores a 2016.74 permite a atacantes remotos ejecutar código arbitrario a través de especificadores de cadena de formato en el (1) nombre de usuario o (2) argumento de anfitrión. Multiple vulnerabilities have been found in Dropbear, the worst of which allows remo... • http://www.openwall.com/lists/oss-security/2016/09/15/2 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 27%CPEs: 1EXPL: 3CVE-2016-3116 – DropBearSSHD 2015.71 - Command Injection
https://notcve.org/view.php?id=CVE-2016-3116
15 Mar 2016 — CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. Vulnerabilidad de inyección CRLF en Dropbear SSH en versiones anteriores a 2016.72 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de datos X11 manipulados. Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An a... • https://packetstorm.news/files/id/136251 •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 0CVE-2013-4421 – Mandriva Linux Security Advisory 2013-261
https://notcve.org/view.php?id=CVE-2013-4421
25 Oct 2013 — The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed. La función buf_decompress en packet.c en Dropbear SSH Server anterior a 2013.59 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de un paquete de gran tamaño al ser descomprimido. Possible memory exhaustion denial of service due to the size of decomp... • http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 1CVE-2013-4434 – Mandriva Linux Security Advisory 2013-261
https://notcve.org/view.php?id=CVE-2013-4434
25 Oct 2013 — Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames. Dropbear SSH Server anterior a 2013.59 genera mensajes de error durante un intento de inicio de sesión fallido con diferentes retardos de tiempo en función de si existe la cuenta de usuario, lo que permite a atacantes remotos para descubrir los nombres de usuario válidos. Possible memory exha... • https://github.com/styx00/Dropbear_CVE-2013-4434 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 25%CPEs: 36EXPL: 4CVE-2012-5975 – (SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5975
04 Dec 2012 — The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c. La característica SSH USERAUTH CHANGE REQUEST... • https://www.exploit-db.com/exploits/23082 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2012-0920 – Gentoo Linux Security Advisory 201309-20
https://notcve.org/view.php?id=CVE-2012-0920
05 Jun 2012 — Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency." Una vulnerabilidad de uso después de liberación vulnerabilidad en Dropbear SSH Server v0.52 a 2012.54 cuando la restricción de comandos y la autenticación de clave pública están habilitadas, lo permite a ... • http://matt.ucc.asn.au/dropbear/CHANGES • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2011-0766
https://notcve.org/view.php?id=CVE-2011-0766
31 May 2011 — The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. El generador de números aleatorios de la aplicación Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librería Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles b... • http://secunia.com/advisories/44709 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 3%CPEs: 167EXPL: 0CVE-2008-5161 – OpenSSH: Plaintext Recovery Attack against CBC ciphers
https://notcve.org/view.php?id=CVE-2008-5161
19 Nov 2008 — Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote a... • http://isc.sans.org/diary.html?storyid=5366 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-5616
https://notcve.org/view.php?id=CVE-2007-5616
09 Jan 2008 — ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors. ssh-signer en SSH Tectia Client y Server 5.x anterior a 5.2.4, y 5.3.x anterior a 5.3.6, sobre Unix y Linux permite a usuarios locales ganar privilegios a través de vectores no especificados. • http://secunia.com/advisories/28247 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-2063
https://notcve.org/view.php?id=CVE-2007-2063
18 Apr 2007 — SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact. SSH Tectia Server para IBM z/OS versiones anteriores a 5.4.0, usa permisos no seguros de escritura mundial para (1) el archivo pid del s... • http://osvdb.org/34998 • CWE-264: Permissions, Privileges, and Access Controls •