CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39894 – Ubuntu Security Notice USN-6887-1
https://notcve.org/view.php?id=CVE-2024-39894
02 Jul 2024 — OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. OpenSSH 9.5 a 9.7 anterior a 9.8 a veces permite ataques de sincronización contra la entrada de contraseña sin eco (por ejemplo, para su y Sudo) debido a un error lógico de ObscureKeystrokeTiming. De manera similar, podrían ocurrir otros ataques de sincronización contra... • http://www.openwall.com/lists/oss-security/2024/07/03/6 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 96CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51767
https://notcve.org/view.php?id=CVE-2023-51767
24 Dec 2023 — OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. OpenSSH hasta 9.6, cuando se utilizan tipos comunes de DRAM, podría permitir row hammer attacks (para omitir la autenticación) porque el valor entero de autenticad... • https://access.redhat.com/security/cve/CVE-2023-51767 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 20CVE-2023-51385 – openssh: potential command injection via shell metacharacters
https://notcve.org/view.php?id=CVE-2023-51385
18 Dec 2023 — In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. En ssh en OpenSSH anterior a 9.6, la inyección de comandos del sistema operativo puede ocurrir si un nombre de usuario o nombre de host tiene metacaracteres de shell, y un token de expansión hace referenci... • https://github.com/WOOOOONG/CVE-2023-51385 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 95%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-51384 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2023-51384
18 Dec 2023 — In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. En ssh-agent en OpenSSH anterior a 9.6, ciertas restricciones de destino se pueden aplicar de forma incompleta. Cuando se especifican restricciones de destino durante la adición de claves privadas alojadas en PKCS#11, estas ... • http://seclists.org/fulldisclosure/2024/Mar/21 •
CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-36368
https://notcve.org/view.php?id=CVE-2021-36368
12 Mar 2022 — An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not a... • https://bugzilla.mindrot.org/show_bug.cgi?id=3316 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25049
https://notcve.org/view.php?id=CVE-2019-25049
01 Jul 2021 — LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura fuera de límites en la función asn1_item_print_ctx (llamada desde asn1_template_print_ctx) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25048
https://notcve.org/view.php?id=CVE-2019-25048
01 Jul 2021 — LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura excesiva de búfer en la región heap de la memoria en la función do_print_ex (llamado desde asn1_item_print_ctx y ASN1_item_print) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 19CVE-2020-7247 – OpenSMTPD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7247
29 Jan 2020 — smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. La función smtp_mailaddr en el archivo smtp_session.c en OpenSMTPD versión 6.6, como es usado en OpenBSD versión 6.6 y otros ... • https://packetstorm.news/files/id/156249 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-755: Improper Handling of Exceptional Conditions •