CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-5794 – OpenSSH privilege separation flaw
https://notcve.org/view.php?id=CVE-2006-5794
08 Nov 2006 — Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Vulnerabilidad sin especificar en el sshd Privilege Separation Monitor en OpenSSH para versiones anteriores a la 4.5 que provoca una verifi... • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 4CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
27 Sep 2006 — Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especif... • https://github.com/bigb0x/CVE-2024-6387 • CWE-415: Double Free •
CVSS: 9.1EPSS: 14%CPEs: 56EXPL: 0CVE-2006-5052 – Kerberos information leak
https://notcve.org/view.php?id=CVE-2006-5052
27 Sep 2006 — Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." Vulnerabilidad no especificada en OpenSSH portable anterior a 4.4, cuando funciona sobre algunas plataformas permite a un atacante remoto determinan la validación de los nombres de usuario a través de vectores desconocidos afectando a GSSAPI "aborto de validacion." • http://docs.info.apple.com/article.html?artnum=305214 •
CVSS: 7.8EPSS: 44%CPEs: 56EXPL: 2CVE-2006-4924 – OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-4924
27 Sep 2006 — sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no s... • https://www.exploit-db.com/exploits/2444 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2006-0225 – local to local copy uses shell expansion twice
https://notcve.org/view.php?id=CVE-2006-0225
25 Jan 2006 — scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. scp en OpenSSH 4.2p1 permite a atacantes ejecutar órdenes de su elección mediante nombres de ficheros que contienen metacaractéres o espacios, que son expandidos dos veces. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch •
CVSS: 9.8EPSS: 2%CPEs: 32EXPL: 0CVE-2005-2798
https://notcve.org/view.php?id=CVE-2005-2798
06 Sep 2005 — sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt •
CVSS: 9.1EPSS: 0%CPEs: 30EXPL: 0CVE-2005-2666 – openssh vulnerable to known_hosts address harvesting
https://notcve.org/view.php?id=CVE-2005-2666
23 Aug 2005 — SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1653
https://notcve.org/view.php?id=CVE-2004-1653
31 Aug 2004 — The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. • http://marc.info/?l=bugtraq&m=109413637313484&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2004-0175
https://notcve.org/view.php?id=CVE-2004-0175
03 Jun 2004 — Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. Vulnerabilidad de atravesamiento de directorios en scp de OpenSSH anteriores a 3.4p1 permite a servidores remotos maliciosos sobreescribir ficheros de su eleccion. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 45EXPL: 0CVE-2003-1562
https://notcve.org/view.php?id=CVE-2003-1562
31 Dec 2003 — sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •