CVSS: 7.8EPSS: 84%CPEs: 2EXPL: 5CVE-2016-6515 – OpenSSH 7.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-6515
07 Aug 2016 — The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. La función auth_password en auth-passwd.c en sshd en OpenSSH en versiones anteriores a 7.3 no limita longitudes de contraseña para autenticación de contraseña, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU clave) a través de una caden... • https://packetstorm.news/files/id/140070 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 92%CPEs: 1EXPL: 8CVE-2016-6210 – OpenSSH 7.2p2 - Username Enumeration
https://notcve.org/view.php?id=CVE-2016-6210
18 Jul 2016 — sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. sshd en OpenSSH en versiones anteriores a 7.3, cuando SHA256 o SHA512 son utilizados para el hashing de la contraseña del usuario, utiliza BLOWFISH hashing en una contraseña estática cuando no existe el nombre d... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8325 – openssh: privilege escalation via user's PAM environment and UseLogin=yes
https://notcve.org/view.php?id=CVE-2015-8325
15 Apr 2016 — The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. La función do_setup_env en session.c en sshd en OpenSSH hasta la versión 7.2p2, cuando la funcionalidad UseLogin está activa y PAM está configurado para leer archivos... • http://rhn.redhat.com/errata/RHSA-2016-2588.html • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
22 Mar 2016 — The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío... • http://openwall.com/lists/oss-security/2016/01/15/13 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 2CVE-2016-3115 – OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
https://notcve.org/view.php?id=CVE-2016-3115
14 Mar 2016 — Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de dat... • https://packetstorm.news/files/id/136234 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1907 – HP Security Bulletin HPSBMU03691 1
https://notcve.org/view.php?id=CVE-2016-1907
19 Jan 2016 — The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. La función ssh_packet_read_poll2 en packet.c en OpenSSH en versiones anteriores a 7.1p2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de tráfico de red manipulado. Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 67%CPEs: 58EXPL: 0CVE-2016-0777 – OpenSSH: Client Information leak due to use of roaming connection feature
https://notcve.org/view.php?id=CVE-2016-0777
14 Jan 2016 — The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. La función resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener información sensible desde la memoria de proceso mediante la petición de transmisión de un bu... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 8.1EPSS: 1%CPEs: 44EXPL: 1CVE-2016-0778 – OpenSSH: Client buffer-overflow when using roaming connections
https://notcve.org/view.php?id=CVE-2016-0778
14 Jan 2016 — The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.0EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6564 – openssh: Use-after-free bug related to PAM support
https://notcve.org/view.php?id=CVE-2015-6564
24 Aug 2015 — Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Vulnerabilidad de uso después de la liberación de la memoria en la función mm_answer_pam_free_ctx en monitor.c en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, podría permitir a usuarios locales obtener p... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2015-6565 – OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-6565
24 Aug 2015 — sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. El fichero sshd en OpenSSH 6.8 and 6.9 fija permisos de lectura para cualquier usuario en dispositivos TTY, lo que posibilita a usuarios locales provocar denegación de servicio (desorganización de terminales) o tener un impacto inesperado al escr... • https://packetstorm.news/files/id/140757 • CWE-264: Permissions, Privileges, and Access Controls •