|Max CVSS||7.5||Min CVSS||5.8||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended Force
|09-10-2019 - 23:08||08-11-2013 - 15:55|
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
|19-07-2018 - 01:29||18-03-2014 - 05:18|
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption
|29-08-2017 - 01:34||29-01-2014 - 16:02|
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
|07-01-2017 - 02:59||27-03-2014 - 10:55|