CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5536 – pam_ssh_agent_auth: symbol crash leading to glibc error() called incorrectly
https://notcve.org/view.php?id=CVE-2012-5536
22 Feb 2013 — A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo. Un determinado build de Red Hat del módulo pam_ssh_agent_auth en Red Hat Enterprise Linux (RHEL) 6 y Fedora Rawhid... • http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2007-3102 – audit logging of failed logins
https://notcve.org/view.php?id=CVE-2007-3102
18 Oct 2007 — Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. Vulnerabilidad sin especificar en la función linux_audit_record_event en el OpenSSH 4.3p2, como el utilizado por el Fedora Core 6 y, posiblemente, otros sistemas, permite a atacantes remotos escribir caractere... • http://osvdb.org/39214 •