|Max CVSS|8.5|Min CVSS|5.0|Total Count|5|

|ID|CVSS|Summary|Last (major) update|Published|
| | |The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.|06-01-2017 - 21:59|27-03-2014 - 06:55|
| | |sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.|06-01-2017 - 21:59|18-03-2014 - 01:18|
| | |The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force at|23-12-2016 - 21:59|02-08-2015 - 21:59|
| | |Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_|02-12-2016 - 22:26|22-03-2016 - 06:59|
| | |The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi|28-11-2016 - 14:07|07-03-2013 - 15:55|