Mkj
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14282 | Med | 0.28 | 5.4 | 0.00 | Feb 12, 2026 | A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like… | ||
| CVE-2026-3706 | Low | 0.24 | 3.7 | 0.00 | Mar 8, 2026 | A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The… | ||
| CVE-2025-47203 | Med | 0.22 | 4.5 | 0.01 | May 7, 2025 | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. | ||
| CVE-2017-2659 | 0.00 | — | 0.02 | Mar 20, 2019 | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. |
- risk 0.28cvss 5.4epss 0.00
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like…
- risk 0.24cvss 3.7epss 0.00
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The…
- risk 0.22cvss 4.5epss 0.01
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
- CVE-2017-2659Mar 20, 2019risk 0.00cvss —epss 0.02
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.