) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:openbsd:openssh:4.3p1
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2006-5794 |
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Published: November 08, 2006; 3:07:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2006-5051 |
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Published: September 27, 2006; 7:07:00 PM -0400 |
V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
| CVE-2006-5052 |
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." Published: September 27, 2006; 7:07:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2006-4924 |
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. Published: September 26, 2006; 9:07:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |