| purl | pkg:deb/debian/openssh@0?distro=trixie |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1bv8-wap7-ybec | SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. | CVE-2003-1119 |
| VCID-1vwp-yqcr-nkg6 | Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. | CVE-2002-1359 |
| VCID-1x8n-5rvu-1kfu | openssh: OpenSSH pre-authentication async signal safety issue | CVE-2024-7589 |
| VCID-3jeb-49yf-xbfw | openssh: possible privilege escalation when using ChrootDirectory setting | CVE-2009-2904 |
| VCID-42rr-5scb-rkbt | Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution. | CVE-2023-25136 |
| VCID-6azx-wz7x-d7cr | openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used | CVE-2011-4327 |
| VCID-6sgs-5zm4-rqcg | openssh: ~/.k5users unexpectedly grants remote login | CVE-2014-9278 |
| VCID-88tp-4d2a-1ydh | A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. | CVE-2024-6387 |
| VCID-9ycq-9rwj-8kav | audit logging of failed logins | CVE-2007-3102 |
| VCID-bytd-a69u-dkfv | openssh: SO_REUSEADDR insecure for X11 forwarding sockets on some platforms | CVE-2008-3259 |
| VCID-c52m-7sh8-eke1 | openssh: Logic error in ObscureKeystrokeTiming | CVE-2024-39894 |
| VCID-cz6k-qmqx-cybc | Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. | CVE-2025-26466 |
| VCID-daku-ks5y-rbdj | openssh: uninitialized variable use in J-PAKE implementation | CVE-2014-1692 |
| VCID-dr6k-gpbz-5qcs | Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | CVE-2002-1357 |
| VCID-fafq-mggp-cbem | openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 | CVE-2024-6409 |
| VCID-g514-1b64-kudx | SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | CVE-2001-1585 |
| VCID-h6pg-t5c8-53br | openssh: destination constraints only apply to first PKCS#11 key | CVE-2023-51384 |
| VCID-hmyj-ztb3-rbhz | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | CVE-2014-8475 |
| VCID-jvn2-cgzv-u3fn | Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. | CVE-2010-4478 |
| VCID-u7hg-g61b-q7fy | The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | CVE-2004-1653 |
| VCID-v3yv-r42f-skdr | Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution. | CVE-2023-28531 |
| VCID-wskn-7rs4-xyh6 | Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | CVE-2002-1358 |
| VCID-wvmb-brge-13cq | SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. | CVE-2002-1715 |
| VCID-xewq-4k2z-vqgg | Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. | CVE-2015-6565 |
| VCID-zw1g-y15j-fuhf | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | CVE-2002-1360 |