Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-8858 | 7.8 |
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does
|
06-08-2024 - 03:15 | 09-12-2016 - 11:59 | |
CVE-2016-6210 | 4.3 |
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference be
|
13-12-2022 - 12:15 | 13-02-2017 - 17:59 | |
CVE-2015-8325 | 7.2 |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted
|
13-12-2022 - 12:15 | 01-05-2016 - 01:59 | |
CVE-2016-1908 | 7.5 |
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding
|
13-12-2022 - 12:15 | 11-04-2017 - 18:59 | |
CVE-2016-3115 | 5.5 |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_
|
11-09-2018 - 10:29 | 22-03-2016 - 10:59 |