Vulnerabilities > Openbsd > Openssh > 3.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-27 | CVE-2006-5052 | Unspecified vulnerability in Openbsd Openssh Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | 5.0 |
| 2006-09-27 | CVE-2006-5051 | Double Free vulnerability in multiple products Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | 8.1 |
| 2006-09-27 | CVE-2006-4924 | Resource Management Errors vulnerability in Openbsd Openssh sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | 7.8 |
| 2006-01-25 | CVE-2006-0225 | Unspecified vulnerability in Openbsd Openssh scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | 4.6 |
| 2005-09-06 | CVE-2005-2798 | Unspecified vulnerability in Openbsd Openssh sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | 5.0 |
| 2004-08-31 | CVE-2004-1653 | Remote Security vulnerability in OpenSSH The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | 6.4 |
| 2003-10-06 | CVE-2003-0695 | Unspecified vulnerability in Openbsd Openssh Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. | 7.5 |
| 2003-10-06 | CVE-2003-0682 | Remote Security vulnerability in OpenSSH "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. | 7.5 |
| 2003-09-22 | CVE-2003-0693 | Unspecified vulnerability in Openbsd Openssh A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. | 10.0 |