Skip to main content

SSH

159 CVEs product

Monthly

CVE-2023-40371 MEDIUM This Month

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SSH Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-38408 CRITICAL POC PATCH THREAT Act Now

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH RCE Openssh Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
76.8%
CVE-2023-28531 CRITICAL Act Now

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Authentication Bypass Openssh Brocade Fabric Operating System Hci Bootstrap Os +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-25136 MEDIUM POC PATCH THREAT This Month

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.3%.

RCE SSH Openssh Fedora Ontap Select Deploy Administration Utility +3
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
88.3%
Threat
5.4
CVE-2022-31124 PyPI MEDIUM POC PATCH This Month

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSH Python Information Disclosure Openssh Key Parser
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-30959 Maven MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30958 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins SSH
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-30957 Maven MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27191 Go HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux Fedora Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-36368 LOW PATCH Monitor

An issue was discovered in OpenSSH before 8.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass Openssh Debian Linux
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.4%
CVE-2021-41617 HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh Fedora Active Iq Unified Manager +9
NVD VulDB
CVSS 3.1
7.0
EPSS
0.3%
CVE-2016-20012 MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh Clustered Data Ontap Hci Management Node +2
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
14.6%
CVE-2021-31580 CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance Provisioning Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2020-29652 Go HIGH PATCH This Week

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SSH
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-5917 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSH Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-15778 HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
7.4
EPSS
13.0%
CVE-2020-14145 MEDIUM PATCH This Month

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Aff A700S Firmware Active Iq Unified Manager +6
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-1292 HIGH PATCH This Week

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

SSH Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-12062 HIGH PATCH This Week

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Information Disclosure Openssh
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-16905 HIGH POC PATCH This Week

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

SSH Integer Overflow RCE Buffer Overflow Openssh +4
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-1859 HIGH This Week

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSH Authentication Bypass Cisco Sg200 50 Firmware Sg200 50P Firmware +112
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-7639 HIGH POC This Week

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSH Authentication Bypass Fedora Gsi Openssh
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-6111 MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh Winscp Ubuntu Linux +16
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
58.2%
CVE-2019-6110 MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh Winscp Element Software +4
NVD Exploit-DB
CVSS 3.1
6.8
EPSS
20.9%
CVE-2019-6109 MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Winscp Ubuntu Linux +17
NVD VulDB
CVSS 3.1
6.8
EPSS
9.7%
CVE-2018-15919 MEDIUM PATCH This Month

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure SSH Openssh Cloud Backup +4
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2018-15473 MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH Openssh Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
98.6%
CVE-2016-10708 HIGH PATCH This Week

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Null Pointer Dereference Denial Of Service Openssh Debian Linux +10
NVD VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2017-1000245 Maven CRITICAL PATCH Act Now

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure SSH
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-15906 MEDIUM This Month

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
2.7%
CVE-2017-5243 HIGH This Week

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SSH Microsoft Information Disclosure Nexpose
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2016-1908 CRITICAL PATCH Act Now

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2016-7407 CRITICAL PATCH Act Now

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SSH Dropbear Ssh
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-6210 MEDIUM POC THREAT This Month

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.0%.

SSH Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
5.9
EPSS
90.0%
Threat
5.4
CVE-2016-10012 HIGH PATCH This Week

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

SSH Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-10011 MEDIUM PATCH This Month

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2016-10010 HIGH POC PATCH This Week

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to. Rated high severity (CVSS 7.0). Public exploit code available.

SSH Privilege Escalation
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-10009 HIGH POC PATCH This Week

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH Information Disclosure
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
1.6%
CVE-2016-8858 HIGH PATCH Act Now

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.9%.

Denial Of Service SSH
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
26.9%
CVE-2016-6515 HIGH POC PATCH THREAT Act Now

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.8%.

Denial Of Service SSH Openssh Fedora
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
75.8%
Threat
5.3
CVE-2015-8325 HIGH This Week

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SSH Privilege Escalation Debian Linux Openssh Ubuntu Core +2
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1235 HIGH PATCH This Week

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSH Privilege Escalation Oar Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-3115 MEDIUM POC THREAT This Month

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

SSH Authentication Bypass
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.4
EPSS
47.1%
Threat
4.2
CVE-2016-1907 MEDIUM This Month

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Buffer Overflow Openssh
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-0778 HIGH POC PATCH This Week

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service SSH Buffer Overflow
NVD VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2016-0777 MEDIUM This Month

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.2% and no vendor patch available.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
67.2%
CVE-2015-6565 HIGH POC This Week

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SSH Privilege Escalation Openssh
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-6564 HIGH This Week

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging. Rated high severity (CVSS 7.0). No vendor patch available.

SSH Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
2.1%
CVE-2015-6563 MEDIUM This Month

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation. Rated medium severity (CVSS 6.4). No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2015-5600 HIGH POC THREAT Act Now

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.6%.

Denial Of Service SSH Privilege Escalation
NVD VulDB
CVSS 3.1
8.1
EPSS
73.6%
Threat
5.3
CVE-2015-5352 MEDIUM This Month

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation Openssh
NVD
CVSS 2.0
4.3
EPSS
5.4%
CVE-2014-9278 MEDIUM This Month

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SSH Authentication Bypass Openssh
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-8475 MEDIUM This Month

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SSH Freebsd
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-6278 HIGH POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
90.1%
Threat
7.5
CVE-2014-6277 CRITICAL POC THREAT Emergency

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.8%.

Command Injection Denial Of Service SSH RCE Apache +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.8%
Threat
6.1
CVE-2014-7169 CRITICAL POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
90.1%
Threat
7.7
CVE-2014-6271 CRITICAL POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2014-2653 MEDIUM POC This Month

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
2.9%
CVE-2014-2532 MEDIUM This Month

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2014-1692 HIGH Act Now

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5% and no vendor patch available.

Buffer Overflow Denial Of Service SSH
NVD VulDB
CVSS 3.1
7.3
EPSS
12.5%
CVE-2013-4548 MEDIUM This Month

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation SSH Openssh
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2012-5536 MEDIUM POC This Month

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure SSH Fedora Release Rawhide Enterprise Linux
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2012-6067 CRITICAL Act Now

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSH Authentication Bypass Freeftpd
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2012-6066 CRITICAL POC THREAT Emergency

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.9%.

SSH Authentication Bypass Freesshd
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
75.9%
Threat
5.6
CVE-2012-5975 CRITICAL POC THREAT Emergency

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.7%.

SSH Authentication Bypass Tectia Server
NVD Exploit-DB GitHub
CVSS 2.0
9.3
EPSS
25.7%
Threat
4.1
CVE-2012-0814 LOW Monitor

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

SSH Authentication Bypass Openssh
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2025-61985 LOW Monitor

OpenSSH on Alpine Linux was patched in version 10.1_p1-r0, addressing an unspecified security vulnerability tracked as CVE-2025-61985. The nature of the flaw, affected versions prior to the fix, and the attacker-accessible impact have not been disclosed in the available intelligence. No public exploit has been identified at time of analysis, and the EPSS score of 0.06% (19th percentile) suggests low observed exploitation probability.

Information Disclosure SSH
NVD
CVSS 3.1
3.6
EPSS
0.1%
CVE-2025-61984 LOW Monitor

OpenSSH on Alpine Linux received a security fix in package version 10.1_p1-r0, addressing an unspecified vulnerability tracked as CVE-2025-61984. The exact nature, attack vector, and impact of this vulnerability are not disclosed in available intelligence sources - no CVE description, CVSS score, or CWE classification has been published at time of analysis. EPSS probability is extremely low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing has been identified.

Information Disclosure SSH
NVD
CVSS 3.1
3.6
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SSH Information Disclosure IBM +2
NVD
EPSS 77% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH RCE Openssh +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Authentication Bypass Openssh +3
NVD
EPSS 88% 5.4 CVSS 6.5
MEDIUM POC PATCH THREAT This Month

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.3%.

RCE SSH Openssh +5
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSH Python Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins SSH
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux +2
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

An issue was discovered in OpenSSH before 8.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass Openssh +1
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh +11
NVD VulDB
EPSS 15% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh +4
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Ova Appliance +1
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh +8
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SSH
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSH Information Disclosure Big Ip Access Policy Manager +11
NVD
EPSS 13% CVSS 7.4
HIGH POC THREAT This Week

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSH Command Injection Openssh +8
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh +8
NVD GitHub
EPSS 3% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

SSH Microsoft Information Disclosure +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Information Disclosure Openssh
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

SSH Integer Overflow RCE +6
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSH Authentication Bypass Cisco +114
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSH Authentication Bypass Fedora +1
NVD
EPSS 58% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh +18
NVD Exploit-DB
EPSS 21% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh +6
NVD Exploit-DB
EPSS 10% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh +19
NVD VulDB
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure SSH +6
NVD
EPSS 99% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH +22
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.5
HIGH PATCH This Week

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSH Null Pointer Dereference Denial Of Service +12
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure SSH
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SSH Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

SSH Authentication Bypass
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SSH Dropbear Ssh
NVD
EPSS 90% 5.4 CVSS 5.9
MEDIUM POC THREAT This Month

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.0%.

SSH Information Disclosure
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

SSH Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

SSH Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to. Rated high severity (CVSS 7.0). Public exploit code available.

SSH Privilege Escalation
NVD GitHub Exploit-DB VulDB
EPSS 2% CVSS 7.3
HIGH POC PATCH This Week

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH Information Disclosure
NVD GitHub Exploit-DB VulDB
EPSS 27% CVSS 7.5
HIGH PATCH Act Now

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.9%.

Denial Of Service SSH
NVD GitHub VulDB
EPSS 76% 5.3 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.8%.

Denial Of Service SSH Openssh +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SSH Privilege Escalation Debian Linux +4
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSH Privilege Escalation Oar +1
NVD
EPSS 47% 4.2 CVSS 6.4
MEDIUM POC THREAT This Month

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

SSH Authentication Bypass
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Buffer Overflow +1
NVD
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service SSH Buffer Overflow
NVD VulDB
EPSS 67% CVSS 6.5
MEDIUM This Month

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 67.2% and no vendor patch available.

SSH Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SSH Privilege Escalation +1
NVD Exploit-DB
EPSS 2% CVSS 7.0
HIGH This Week

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging. Rated high severity (CVSS 7.0). No vendor patch available.

SSH Privilege Escalation
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation. Rated medium severity (CVSS 6.4). No vendor patch available.

SSH Information Disclosure
NVD GitHub VulDB
EPSS 74% 5.3 CVSS 8.1
HIGH POC THREAT Act Now

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 73.6%.

Denial Of Service SSH Privilege Escalation
NVD VulDB
EPSS 5% CVSS 4.3
MEDIUM This Month

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation Openssh
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SSH Authentication Bypass +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SSH Freebsd
NVD
EPSS 90% 7.5 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
EPSS 87% 6.1 CVSS 10.0
CRITICAL POC THREAT Emergency

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.8%.

Command Injection Denial Of Service SSH +3
NVD Exploit-DB
EPSS 90% 7.7 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH
NVD Exploit-DB VulDB
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Apache SSH +1
NVD Exploit-DB VulDB
EPSS 3% CVSS 6.5
MEDIUM POC This Month

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation
NVD VulDB
EPSS 13% CVSS 7.3
HIGH Act Now

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.5% and no vendor patch available.

Buffer Overflow Denial Of Service SSH
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation SSH Openssh
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure SSH +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSH Authentication Bypass Freeftpd
NVD
EPSS 76% 5.6 CVSS 9.3
CRITICAL POC THREAT Emergency

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.9%.

SSH Authentication Bypass Freesshd
NVD Exploit-DB
EPSS 26% 4.1 CVSS 9.3
CRITICAL POC THREAT Emergency

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.7%.

SSH Authentication Bypass Tectia Server
NVD Exploit-DB GitHub
EPSS 0% CVSS 3.5
LOW Monitor

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

SSH Authentication Bypass Openssh
NVD
EPSS 0% CVSS 3.6
LOW Monitor

OpenSSH on Alpine Linux was patched in version 10.1_p1-r0, addressing an unspecified security vulnerability tracked as CVE-2025-61985. The nature of the flaw, affected versions prior to the fix, and the attacker-accessible impact have not been disclosed in the available intelligence. No public exploit has been identified at time of analysis, and the EPSS score of 0.06% (19th percentile) suggests low observed exploitation probability.

Information Disclosure SSH
NVD
EPSS 0% CVSS 3.6
LOW Monitor

OpenSSH on Alpine Linux received a security fix in package version 10.1_p1-r0, addressing an unspecified vulnerability tracked as CVE-2025-61984. The exact nature, attack vector, and impact of this vulnerability are not disclosed in available intelligence sources - no CVE description, CVSS score, or CWE classification has been published at time of analysis. EPSS probability is extremely low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing has been identified.

Information Disclosure SSH
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy