| Max CVSS | 7.8 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-6111 | 5.8 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned
|
24-03-2023 - 18:12 | 31-01-2019 - 18:29 | |
| CVE-2018-15473 | 5.0 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
|
23-02-2023 - 23:13 | 17-08-2018 - 19:29 | |
| CVE-2016-6515 | 7.8 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
|
13-12-2022 - 12:15 | 07-08-2016 - 21:59 | |
| CVE-2017-15906 | 5.0 |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
|
13-12-2022 - 12:15 | 26-10-2017 - 03:29 |