High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-05	CVE-2016-10010	Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. local high complexity openbsd CWE-264	7.0
2017-01-05	CVE-2016-10009	Untrusted Search Path vulnerability in Openbsd Openssh Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. network low complexity openbsd CWE-426	7.3
2016-12-09	CVE-2016-8858	Resource Management Errors vulnerability in Openbsd Openssh The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. network low complexity openbsd CWE-399	7.5
2016-08-07	CVE-2016-6515	Improper Input Validation vulnerability in multiple products The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. network low complexity openbsd fedoraproject CWE-20	7.5
2016-05-01	CVE-2015-8325	Permissions, Privileges, and Access Controls vulnerability in multiple products The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. local low complexity debian openbsd canonical CWE-264	7.8
2016-01-14	CVE-2016-0778	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. network high complexity oracle openbsd apple hp sophos CWE-119	8.1
2006-09-27	CVE-2006-5051	Double Free vulnerability in multiple products Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. network high complexity openbsd debian apple CWE-415	8.1
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5