CVE-2016-10009
- EPSS 37.43%
- Veröffentlicht 05.01.2017 02:59:03
- Zuletzt bearbeitet 29.05.2026 21:16:26
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
- EPSS 4.24%
- Veröffentlicht 05.01.2017 02:59:03
- Zuletzt bearbeitet 29.05.2026 21:16:26
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
CVE-2016-10011
- EPSS 1.1%
- Veröffentlicht 05.01.2017 02:59:03
- Zuletzt bearbeitet 29.05.2026 21:16:26
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2016-10012
- EPSS 1.28%
- Veröffentlicht 05.01.2017 02:59:03
- Zuletzt bearbeitet 29.05.2026 21:16:26
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a san...
CVE-2016-8858
- EPSS 29.46%
- Veröffentlicht 09.12.2016 11:59:00
- Zuletzt bearbeitet 29.05.2026 21:16:30
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does ...
CVE-2016-6515
- EPSS 58.57%
- Veröffentlicht 07.08.2016 21:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2015-8325
- EPSS 0.63%
- Veröffentlicht 01.05.2016 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted...
CVE-2016-3115
- EPSS 37.02%
- Veröffentlicht 22.03.2016 10:59:02
- Zuletzt bearbeitet 29.05.2026 21:16:29
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_...
CVE-2016-1907
- EPSS 14.34%
- Veröffentlicht 19.01.2016 05:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
CVE-2016-0778
- EPSS 20.37%
- Veröffentlicht 14.01.2016 22:59:02
- Zuletzt bearbeitet 29.05.2026 21:16:25
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r...