CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1657
https://notcve.org/view.php?id=CVE-2008-1657
02 Apr 2008 — OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. OpenSSH versión 4.4 anterior a 4.9, permite a los usuarios autenticados remotos omitir la directiva ForceCommand de sshd_config mediante la modificación del archivo de sesión .ssh/rc. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 0CVE-2007-4752 – openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
https://notcve.org/view.php?id=CVE-2007-4752
12 Sep 2007 — ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. ssh en OpenSSH anterior a 4.7 no maneja adecuadamente cuando una cookie no confiable no puede ser creada y utiliza una cookie X11 confiable en su lugar, lo cual permite a los atacantes violar políticas establecidas y obtener privilegios provocando que un clien... • http://bugs.gentoo.org/show_bug.cgi?id=191321 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 62EXPL: 0CVE-2007-2243
https://notcve.org/view.php?id=CVE-2007-2243
25 Apr 2007 — OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. OpenSSH 4.6 y anteriores, cuando ChallengeResponseAuthentication está habilitado, permite a atacantes remotos determinar la existencia de cuentas de usuario intentando autenticarse mediante S/KEY, lo cual muestra una respuesta dife... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-5794 – OpenSSH privilege separation flaw
https://notcve.org/view.php?id=CVE-2006-5794
08 Nov 2006 — Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Vulnerabilidad sin especificar en el sshd Privilege Separation Monitor en OpenSSH para versiones anteriores a la 4.5 que provoca una verifi... • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 4CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
27 Sep 2006 — Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especif... • https://github.com/bigb0x/CVE-2024-6387 • CWE-415: Double Free •