CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 0CVE-2015-5352 – openssh: XSECURITY restrictions bypass under certain conditions in ssh(1)
https://notcve.org/view.php?id=CVE-2015-5352
09 Jul 2015 — The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. Vulnerabilidad en la función x11_open_helper en channels.c en ssh en OpenSSH en versiones anteriores a 6.9, cuando no se utiliza el modo ForwardX11Trusted, carece de una verificación de tiempo límite para... • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1CVE-2014-2653 – openssh: failure to check DNS SSHFP records in certain scenarios
https://notcve.org/view.php?id=CVE-2014-2653
27 Mar 2014 — The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. La función verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasión de la comprobación SSHFP DNS RR mediante la presentación de HostCertificate no aceptable. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A... • http://advisories.mageia.org/MGASA-2014-0166.html • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2532 – openssh: AcceptEnv environment restriction bypass flaw
https://notcve.org/view.php?id=CVE-2014-2532
18 Mar 2014 — sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. sshd en OpenSSH anterior a 6.6 no soporta debidamente comodines en líneas AcceptEnv en sshd_config, lo que permite a atacantes remotos evadir restricciones de entorno mediante el uso de una subcadena localizada antes de un caracter de comodín. It was found that OpenSSH did not prop... • http://advisories.mageia.org/MGASA-2014-0143.html • CWE-138: Improper Neutralization of Special Elements CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 80EXPL: 0CVE-2011-4327
https://notcve.org/view.php?id=CVE-2011-4327
03 Feb 2014 — ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. ssh-keysign.c en ssh-keysign en OpenSSH anterior a 5.8p2 en ciertas plataformas ejecuta ssh-rand-helper con descriptores de archivos abiertos no deseados, lo cual permite a usuarios locales obtener información clave sensible a través de la llamada al sistema ptrace. • http://www.openssh.com/txt/portable-keysign-rand-helper.adv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2014-1692 – HP Security Bulletin HPSBUX03188 SSRT101487 1
https://notcve.org/view.php?id=CVE-2014-1692
29 Jan 2014 — The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition. La función hash_buffer en schnorr.c en OpenSSH hasta 6.4 cuando Makefile.inc se modifica para habilitar el protocolo J-PAKE, no inicializa ciertas estructuras de datos, lo que podría... • http://marc.info/?l=bugtraq&m=141576985122836&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4548 – Slackware Security Advisory - openssh Updates
https://notcve.org/view.php?id=CVE-2013-4548
08 Nov 2013 — The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. La función mm_newkeys_from_blob en monitor_wrap.c de sshd en OpenSSH 6.2 y 6.3, cuando se utiliza el cifrado AES-GCM, no inicia correctamente la memoria para una estru... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 83EXPL: 0CVE-2010-5107 – openssh: Prevent connection slot exhaustion attacks
https://notcve.org/view.php?id=CVE-2010-5107
07 Mar 2013 — The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. La configuración por defecto de OpenSSH hasta v6.1 impone un límite de tiempo fijado entre el establecimiento de una conexión TCP y el inicio de sesión, lo que hace que sea más fácil para los atacantes remotos provocar una ... • http://marc.info/?l=bugtraq&m=144050155601375&w=2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 2CVE-2011-5000 – openssh: post-authentication resource exhaustion bug via GSSAPI
https://notcve.org/view.php?id=CVE-2011-5000
04 Apr 2012 — The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. La función de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticación está activada, permite a usuarios remotos autenticados p... • http://rhn.redhat.com/errata/RHSA-2012-0884.html • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2012-0814 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2012-0814
27 Jan 2012 — The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys fi... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4755
02 Mar 2011 — The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 • CWE-399: Resource Management Errors •