Search Results (Refine Search)
- CPE Product Version: cpe:/a:openbsd:openssh:7.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10010 |
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. Published: January 04, 2017; 9:59:03 PM -0500 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2016-10009 |
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Published: January 04, 2017; 9:59:03 PM -0500 |
V3.0: 7.3 HIGH V2.0: 7.5 HIGH |
CVE-2016-8858 |
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." Published: December 09, 2016; 6:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2016-6515 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. Published: August 07, 2016; 5:59:09 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2015-8325 |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. Published: April 30, 2016; 9:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-3115 |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Published: March 22, 2016; 6:59:02 AM -0400 |
V3.0: 6.4 MEDIUM V2.0: 5.5 MEDIUM |