VYPR

sshd

by OpenSSH

CVEs (4)

  • CVE-2016-6210MedFeb 13, 2017
    risk 0.48cvss 5.9epss 0.89

    sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large…

  • CVE-2016-10012HigJan 5, 2017
    risk 0.44cvss 7.8epss 0.01

    The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation…

  • CVE-2016-10011MedJan 5, 2017
    risk 0.33cvss 6.2epss 0.01

    authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

  • CVE-2008-3234Jul 18, 2008
    risk 0.03cvss epss 0.06

    sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.