CVE-2019-6109
- EPSS 3.81%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:34
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes t...
CVE-2019-6110
- EPSS 20.91%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 18.12.2025 15:15:47
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transfe...
CVE-2019-6111
- EPSS 58.2%
- Veröffentlicht 31.01.2019 18:29:00
- Zuletzt bearbeitet 18.12.2025 15:15:48
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned...
CVE-2018-20685
- EPSS 3.68%
- Veröffentlicht 10.01.2019 21:29:00
- Zuletzt bearbeitet 17.12.2025 22:15:55
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-15919
- EPSS 3.56%
- Veröffentlicht 28.08.2018 08:29:00
- Zuletzt bearbeitet 18.12.2025 12:15:53
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not w...
CVE-2018-15473
- EPSS 98.63%
- Veröffentlicht 17.08.2018 19:29:00
- Zuletzt bearbeitet 17.12.2025 22:15:54
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-...
CVE-2016-10708
- EPSS 15.72%
- Veröffentlicht 21.01.2018 22:29:00
- Zuletzt bearbeitet 29.04.2026 16:16:21
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2017-15906
- EPSS 3.36%
- Veröffentlicht 26.10.2017 03:29:00
- Zuletzt bearbeitet 28.05.2026 19:16:25
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2016-1908
- EPSS 13.74%
- Veröffentlicht 11.04.2017 18:59:00
- Zuletzt bearbeitet 29.05.2026 21:16:27
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding...
CVE-2016-6210
- EPSS 88.94%
- Veröffentlicht 13.02.2017 17:59:00
- Zuletzt bearbeitet 29.05.2026 21:16:29
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference be...