Latest openbsd openssh Vulnerabilities

CVE-2023-51767
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
CVE-2023-51384
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constr...
Openbsd Openssh<9.6
Apple macOS Sonoma<14.4
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
ubuntu/openssh<1:9.3
ubuntu/openssh<1:9.6
and 2 more
CVE-2023-51385
, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling
Openbsd Openssh<9.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
ubuntu/openssh<1:7.6
ubuntu/openssh<1:8.2
and 6 more
CVE-2023-48795
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
Openbsd Openssh<9.6
Putty Putty<0.80
and 128 more
CVE-2023-38408
Remote Code Execution in OpenSSH's forwarded ssh-agent
Openbsd Openssh<9.3
Openbsd Openssh=9.3
Openbsd Openssh=9.3-p1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
and 10 more
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Openbsd Openssh>=8.9<9.3
Netapp Brocade Fabric Operating System
Netapp Hci Bootstrap Os
Netapp Solidfire Element Os
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
and 2 more
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote at...
Openssh Openssh=9.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
Netapp A250 Firmware
Netapp A250
and 11 more
CVE-2021-36368
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified...
Openbsd Openssh<8.9
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3
CVE-2021-41617
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs f...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10<=1:8.4p1-5<=1:8.4p1-6
ubuntu/openssh<1:8.2
ubuntu/openssh<8.8
ubuntu/openssh<1:7.2
Openbsd Openssh>=6.2<8.8
Fedoraproject Fedora=33
and 21 more
CVE-2016-20012
** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is corr...
Openbsd Openssh<=8.7
NetApp Clustered Data ONTAP
Netapp Hci Management Node
NetApp ONTAP Select Deploy administration utility
Netapp Solidfire
<=8.7
and 4 more
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a...
Openbsd Openssh>=8.2<8.5
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 6 more
CVE-2020-15778
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh<8.3
Openbsd Openssh=8.3
Openbsd Openssh=8.3-p1
Netapp A700s Firmware
Netapp A700s
and 9 more
CVE-2020-14145
OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the ...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh>=5.7<8.4
Openbsd Openssh=8.4
Openbsd Openssh=8.5
Openbsd Openssh=8.6
Netapp Aff A700s Firmware
and 8 more
CVE-2020-12062
** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to o...
Openbsd Openssh=8.2
=8.2
CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This l...
Openbsd Openssh>=7.7<=7.9
Openbsd Openssh>=8.0<8.1
Netapp Cloud Backup
Netapp Steelstore Cloud Integrated Storage
Siemens Scalance X204rna Firmware<3.2.7
Siemens Scalance X204rna
and 2 more
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI co...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u2<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u1<=1:9.2p1-2+deb12u2<=1:9.6p1-2
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Element Software
Netapp Ontap Select Deploy
Netapp Storage Automation Store
and 4 more
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perfo...
ubuntu/openssh<1:7.6
ubuntu/openssh<1:7.7
ubuntu/openssh<1:6.6
ubuntu/openssh<1:7.2
Openbsd Openssh<=7.9
Winscp Winscp<=5.1.3
and 76 more
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the targ...
debian/openssh<=1:7.4p1-10<=1:7.9p1-4<=1:7.4p1-10+deb9u4
debian/openssh
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Cloud Backup
Netapp Element Software
and 88 more
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states '...
Openbsd Openssh>=5.9<=7.8
Netapp Cloud Backup
Netapp Data Ontap Edge
Netapp Ontap Select Deploy
Netapp Steelstore
Netapp Cn1610 Firmware
and 1 more
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, rel...
IBM Security Identity Manager<=7.0.1
debian/openssh<=1:6.7p1-1<=1:7.7p1-1
ubuntu/openssh<1:7.6
ubuntu/openssh<1:7.7
ubuntu/openssh<1:6.6
ubuntu/openssh<1:7.2
and 40 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203