| Max CVSS | 8.5 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-6563 | 1.9 |
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjun
|
13-12-2022 - 12:15 | 24-08-2015 - 01:59 | |
| CVE-2015-6564 | 6.9 |
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MON
|
13-12-2022 - 12:15 | 24-08-2015 - 01:59 | |
| CVE-2015-6565 | 7.2 |
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an e
|
13-12-2022 - 12:15 | 24-08-2015 - 01:59 | |
| CVE-2015-5600 | 8.5 |
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force at
|
13-12-2022 - 12:15 | 03-08-2015 - 01:59 | |
| CVE-2015-5352 | 4.3 |
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictio
|
13-12-2022 - 12:15 | 03-08-2015 - 01:59 |