|
91
|
-
7.5
|
HIGH
|
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions …
|
NVD-CWE-Other
|
CVE-2003-0386
|
cpe:2.3:a:openbsd:openssh:3.6.1:*
|
|
|
|
|
2017-10-11 10:29
2003-07-2
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
-
5.0
|
MEDIUM
|
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2003-0190
|
cpe:2.3:a:openbsd:openssh:3.6.1:p1 cpe:2.3:a:openbsd:openssh:*:*
|
|
|
|
3.6.1
|
2024-02-16 03:46
2003-05-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
-
7.5
|
HIGH
|
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
|
NVD-CWE-Other
|
CVE-2002-0765
|
cpe:2.3:a:openbsd:openssh:3.2.2:*
|
|
|
|
|
2008-09-11 04:12
2002-08-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
9.8
10.0
|
CRITICAL
Network
|
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is usin…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2002-0639
|
cpe:2.3:a:openbsd:openssh:*:*
|
2.9.9
|
3.3
|
|
|
2024-02-9 03:37
2002-07-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
-
10.0
|
HIGH
|
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is usin…
|
NVD-CWE-Other
|
CVE-2002-0640
|
cpe:2.3:a:openbsd:openssh:3.3p1:* cpe:2.3:a:openbsd:openssh:3.3:* cpe:2.3:a:openbsd:openssh:3.2:* cpe:2.3:a:op…
|
|
|
|
|
2024-07-1 20:15
2002-07-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
-
7.5
|
HIGH
|
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privile…
|
NVD-CWE-Other
|
CVE-2002-0575
|
cpe:2.3:a:openbsd:openssh:3.2:* cpe:2.3:a:openbsd:openssh:3.1:* cpe:2.3:a:openbsd:openssh:3.0:* cpe:2.3:a:open…
|
|
|
|
|
2016-10-18 11:20
2002-06-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
9.8
10.0
|
CRITICAL
Network
|
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
|
CWE-193
Off-by-one Error
|
CVE-2002-0083
|
cpe:2.3:a:openbsd:openssh:*:*
|
2.0
|
|
|
3.1
|
2024-02-2 11:52
2002-03-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
-
7.5
|
HIGH
|
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
|
NVD-CWE-Other
|
CVE-2001-1507
|
cpe:2.3:a:openbsd:openssh:3.0p1:* cpe:2.3:a:openbsd:openssh:3.0:*
|
|
|
|
|
2008-09-11 04:10
2001-12-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
-
6.8
|
MEDIUM
|
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure t…
|
CWE-287
Improper Authentication
|
CVE-2001-1585
|
cpe:2.3:a:openbsd:openssh:2.3.1:*
|
|
|
|
|
2017-07-29 10:29
2001-12-31
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
-
7.2
|
HIGH
|
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-2001-0872
|
cpe:2.3:a:openbsd:openssh:*:*
|
|
3.0.1
|
|
|
2018-05-3 10:29
2001-12-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|