Vulnerabilities > Apache > Sshd > 2.3.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. 		5.9
5.9
2023-07-10 CVE-2023-35887 Path Traversal vulnerability in Apache Sshd
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10.
network
low complexity
apache CWE-22
4.3
4.3
2022-11-16 CVE-2022-45047 Deserialization of Untrusted Data vulnerability in Apache Sshd
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2021-07-12 CVE-2021-30129 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
network
low complexity
apache oracle CWE-772
6.5
6.5