Dropbear_ssh_project Dropbear_ssh
11 CVEs affecting Dropbear_ssh_project Dropbear_ssh. Latest disclosed: 2023-12-18. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-7407 | Critical | 9.8 | 2017-03-03 | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. |
CVE-2016-7406 | Critical | 9.8 | 2017-03-03 | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username o… |
CVE-2017-9078 | High | 8.8 | 2017-05-19 | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the… |
CVE-2016-7408 | High | 8.8 | 2017-03-03 | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. |
CVE-2016-3116 | Medium | 6.4 | 2016-03-22 | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 for… |
CVE-2023-48795 | Medium | 5.9 | 2023-12-18 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks… |
CVE-2016-7409 | Medium | 5.5 | 2017-03-03 | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related… |
CVE-2017-9079 | Medium | 4.7 | 2017-05-19 | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occ… |
CVE-2013-4434 | | 2013-10-25 | Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists… | |
CVE-2013-4421 | | 2013-10-25 | The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a c… | |
CVE-2012-0920 | | 2012-06-05 | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote aut… |