Vulnerabilities > Dropbear SSH Project > Dropbear SSH > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-12 | CVE-2021-36369 | Improper Authentication vulnerability in multiple products An issue was discovered in Dropbear through 2020.81. | 7.5 |
| 2017-05-19 | CVE-2017-9078 | Double Free vulnerability in multiple products The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | 8.5 |
| 2012-06-05 | CVE-2012-0920 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency." | 7.1 |
| 2007-02-26 | CVE-2007-1099 | Unspecified vulnerability in Dropbear SSH Project Dropbear SSH dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. | 7.5 |
| 2004-12-31 | CVE-2004-2486 | Authentication vulnerability in Dropbear SSH Server Digital Signature Standard The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access. | 7.5 |