Search for packages
| purl | pkg:deb/ubuntu/openssh@1:7.1p1-5 |
| Next non-vulnerable version | 1:8.2p1-4ubuntu0.2 |
| Latest non-vulnerable version | 1:8.2p1-4ubuntu0.2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-77m6-j8p8-aaak
Aliases: CVE-2016-10708 |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. |
Affected by 6 other vulnerabilities. |
|
VCID-7stj-j6mx-aaak
Aliases: CVE-2019-6111 |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). |
Affected by 1 other vulnerability. |
|
VCID-89w5-gz7y-aaan
Aliases: CVE-2016-3115 |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
Affected by 13 other vulnerabilities. |
|
VCID-93bh-xgdm-aaad
Aliases: CVE-2018-15473 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
Affected by 4 other vulnerabilities. |
|
VCID-a6n4-mx2c-aaah
Aliases: CVE-2016-6210 |
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. |
Affected by 11 other vulnerabilities. |
|
VCID-au3k-npa4-aaac
Aliases: CVE-2016-10012 |
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. |
Affected by 7 other vulnerabilities. |
|
VCID-bs1j-kwc5-aaaq
Aliases: CVE-2016-10009 |
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. |
Affected by 7 other vulnerabilities. |
|
VCID-f1zj-c92q-aaar
Aliases: CVE-2019-6109 |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. |
Affected by 2 other vulnerabilities. |
|
VCID-g3um-2fb6-aaaq
Aliases: CVE-2018-20685 |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
Affected by 3 other vulnerabilities. |
|
VCID-kx4t-1r9m-aaad
Aliases: CVE-2016-1907 |
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. |
Affected by 16 other vulnerabilities. |
|
VCID-m5qg-dkpz-aaac
Aliases: CVE-2016-10010 |
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. |
Affected by 10 other vulnerabilities. |
|
VCID-makx-v5py-aaap
Aliases: CVE-2016-1908 |
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. |
Affected by 13 other vulnerabilities. |
|
VCID-na6s-7kbn-aaas
Aliases: CVE-2015-8325 |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. |
Affected by 15 other vulnerabilities. |
|
VCID-qcaw-39uj-aaaa
Aliases: CVE-2016-6515 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. |
Affected by 11 other vulnerabilities. |
|
VCID-st64-1ck6-aaas
Aliases: CVE-2016-10011 |
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. |
Affected by 7 other vulnerabilities. |
|
VCID-t5dn-w8da-aaaf
Aliases: CVE-2021-28041 |
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. |
Affected by 0 other vulnerabilities. |
|
VCID-ymfz-4why-aaap
Aliases: CVE-2017-15906 |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|