CVE-2023-28531
- EPSS 2.22%
- Veröffentlicht 17.03.2023 04:15:14
- Zuletzt bearbeitet 28.05.2026 19:16:36
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2023-25136
- EPSS 89.96%
- Veröffentlicht 03.02.2023 06:15:09
- Zuletzt bearbeitet 28.05.2026 18:16:28
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to an...
CVE-2021-36368
- EPSS 1.68%
- Veröffentlicht 13.03.2022 00:15:07
- Zuletzt bearbeitet 29.05.2026 20:16:20
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the u...
- EPSS 2.37%
- Veröffentlicht 26.09.2021 19:15:07
- Zuletzt bearbeitet 12.05.2026 10:16:36
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...
CVE-2016-20012
- EPSS 5.33%
- Veröffentlicht 15.09.2021 20:15:07
- Zuletzt bearbeitet 29.05.2026 16:16:16
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combi...
CVE-2021-28041
- EPSS 3.42%
- Veröffentlicht 05.03.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 05:59:01
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2020-15778
- EPSS 13%
- Veröffentlicht 24.07.2020 14:15:12
- Zuletzt bearbeitet 28.07.2025 18:12:45
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous arg...
CVE-2020-14145
- EPSS 2.06%
- Veröffentlicht 29.06.2020 18:15:11
- Zuletzt bearbeitet 18.12.2025 15:15:48
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has ...
CVE-2020-12062
- EPSS 2.27%
- Veröffentlicht 01.06.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 04:59:12
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by cr...
CVE-2019-16905
- EPSS 2.17%
- Veröffentlicht 09.10.2019 20:15:23
- Zuletzt bearbeitet 23.04.2025 16:15:20
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution...