VYPR

OpenSSH

by OpenBSD

CVEs (114)

  • CVE-2014-2532 | Med | Mar 18, 2014
    risk 0.28 | cvss 4.2 | epss 0.05

    sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

  • CVE-2008-5161 | Low | Nov 19, 2008
    risk 0.28 | cvss 3.7 | epss 0.15

    Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and…

  • CVE-2026-35414 | Med | Apr 2, 2026
    risk 0.27 | cvss 4.2 | epss 0.00

    OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

  • CVE-2026-35386 | Low | Apr 2, 2026
    risk 0.23 | cvss 3.6 | epss 0.00

    In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config.

  • CVE-2026-35387 | Low | Apr 2, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

  • CVE-2026-35388 | Low | Apr 2, 2026
    risk 0.16 | cvss 2.5 | epss 0.00

    OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

  • CVE-2003-0190 | May 12, 2003
    risk 0.09 | cvss | epss 0.77

    OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

  • CVE-2019-6110 | Jan 31, 2019
    risk 0.08 | cvss | epss 0.21

    In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

  • CVE-2019-6111 | Jan 31, 2019
    risk 0.07 | cvss | epss 0.58

    An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal…

  • CVE-2006-5229 | Oct 10, 2006
    risk 0.07 | cvss | epss 0.54

    OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as…

  • CVE-2006-4924 | Sep 27, 2006
    risk 0.06 | cvss | epss 0.35

    sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

  • CVE-2001-0144 | Mar 12, 2001
    risk 0.06 | cvss | epss 0.32

    CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

  • CVE-2025-26466 | Feb 28, 2025
    risk 0.05 | cvss | epss 0.38

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such…

  • CVE-2015-6565 | Aug 24, 2015
    risk 0.03 | cvss | epss 0.03

    sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

  • CVE-2008-3234 | Jul 18, 2008
    risk 0.03 | cvss | epss 0.06

    sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

  • CVE-2002-0575 | Jun 18, 2002
    risk 0.03 | cvss | epss 0.04

    Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

  • CVE-2001-1029 | Sep 20, 2001
    risk 0.03 | cvss | epss 0.01

    libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome…

  • CVE-2000-0992 | Dec 19, 2000
    risk 0.03 | cvss | epss 0.06

    Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

  • CVE-2008-4109 | Sep 18, 2008
    risk 0.02 | cvss | epss 0.29

    A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of…

  • CVE-2010-4755 | Mar 2, 2011
    risk 0.01 | cvss | epss 0.08

    The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory…
