Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:openbsd:openssh:7.0:p1
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Published: October 25, 2017; 11:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Published: March 22, 2016; 6:59:02 AM -0400
V3.0: 6.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-1907

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Published: January 19, 2016; 12:59:10 AM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Published: January 14, 2016; 5:59:02 PM -0500
V3.0: 8.1 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Published: January 14, 2016; 5:59:01 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM