Openbsd

Openssh

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.22%
  • Veröffentlicht 17.03.2023 04:15:14
  • Zuletzt bearbeitet 28.05.2026 19:16:36

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

Exploit
  • EPSS 89.96%
  • Veröffentlicht 03.02.2023 06:15:09
  • Zuletzt bearbeitet 28.05.2026 18:16:28

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to an...

  • EPSS 1.68%
  • Veröffentlicht 13.03.2022 00:15:07
  • Zuletzt bearbeitet 29.05.2026 20:16:20

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the u...

  • EPSS 2.37%
  • Veröffentlicht 26.09.2021 19:15:07
  • Zuletzt bearbeitet 12.05.2026 10:16:36

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...

Exploit
  • EPSS 5.33%
  • Veröffentlicht 15.09.2021 20:15:07
  • Zuletzt bearbeitet 29.05.2026 16:16:16

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combi...

  • EPSS 3.42%
  • Veröffentlicht 05.03.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:59:01

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Exploit
  • EPSS 13%
  • Veröffentlicht 24.07.2020 14:15:12
  • Zuletzt bearbeitet 28.07.2025 18:12:45

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous arg...

  • EPSS 2.06%
  • Veröffentlicht 29.06.2020 18:15:11
  • Zuletzt bearbeitet 18.12.2025 15:15:48

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has ...

  • EPSS 2.27%
  • Veröffentlicht 01.06.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:59:12

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by cr...

Exploit
  • EPSS 2.17%
  • Veröffentlicht 09.10.2019 20:15:23
  • Zuletzt bearbeitet 23.04.2025 16:15:20

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution...