Vulnerabilities > Openbsd > Openssh > 3.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-08 | CVE-2006-5794 | Unspecified vulnerability in Openbsd Openssh Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. | 7.5 |
2006-09-27 | CVE-2006-5052 | Unspecified vulnerability in Openbsd Openssh Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | 5.0 |
2006-09-27 | CVE-2006-5051 | Double Free vulnerability in multiple products Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | 8.1 |
2006-09-27 | CVE-2006-4924 | Resource Management Errors vulnerability in Openbsd Openssh sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | 7.8 |
2006-01-25 | CVE-2006-0225 | Unspecified vulnerability in Openbsd Openssh scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | 4.6 |
2005-09-06 | CVE-2005-2798 | Unspecified vulnerability in Openbsd Openssh sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | 5.0 |
2004-08-31 | CVE-2004-1653 | Remote Security vulnerability in OpenSSH The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | 6.4 |