- EPSS 28.6%
- Veröffentlicht 18.09.2008 15:04:27
- Zuletzt bearbeitet 16.06.2026 22:57:11
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attac...
CVE-2008-3844
- EPSS 2.67%
- Veröffentlicht 27.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:39
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact....
CVE-2008-3259
- EPSS 0.33%
- Veröffentlicht 22.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:29
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the ...
CVE-2008-3234
- EPSS 5.77%
- Veröffentlicht 18.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:26
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
CVE-2008-1657
- EPSS 2.22%
- Veröffentlicht 02.04.2008 18:44:00
- Zuletzt bearbeitet 16.06.2026 22:52:11
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
CVE-2008-1483
- EPSS 0.35%
- Veröffentlicht 24.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:49
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and ...
CVE-2007-3102
- EPSS 2.34%
- Veröffentlicht 18.10.2007 20:17:00
- Zuletzt bearbeitet 16.06.2026 22:41:04
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of the...
CVE-2007-4752
- EPSS 2.37%
- Veröffentlicht 12.09.2007 01:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:42
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
- EPSS 1.96%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:30
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via...
CVE-2007-2768
- EPSS 8.65%
- Veröffentlicht 21.05.2007 20:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:16
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwor...