| Max CVSS | 7.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-10009 | 7.5 |
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
|
20-07-2023 - 18:15 | 05-01-2017 - 02:59 | |
| CVE-2016-6515 | 7.8 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
|
13-12-2022 - 12:15 | 07-08-2016 - 21:59 | |
| CVE-2016-6210 | 4.3 |
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference be
|
13-12-2022 - 12:15 | 13-02-2017 - 17:59 | |
| CVE-2016-10012 | 7.2 |
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a san
|
13-12-2022 - 12:15 | 05-01-2017 - 02:59 | |
| CVE-2016-10011 | 2.1 |
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
|
13-12-2022 - 12:15 | 05-01-2017 - 02:59 |