National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:openbsd:openssh:3.7
There are 46 matching records.
Displaying matches 41 through 46.
Vuln ID Summary CVSS Severity

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Published: September 06, 2005; 01:03:00 PM -04:00
    V2: 5.0 MEDIUM

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published: August 23, 2005; 12:00:00 AM -04:00
    V2: 1.2 LOW

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

Published: August 31, 2004; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM

"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

Published: October 06, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

Published: October 06, 2003; 12:00:00 AM -04:00
    V2: 7.5 HIGH

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Published: September 22, 2003; 12:00:00 AM -04:00
    V2: 10.0 HIGH