OpenBSD OpenSSH
54 CVEs affecting OpenBSD OpenSSH. Latest disclosed: 2026-04-02. Critical: 3, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-28531 | Critical | 9.8 | 2023-03-17 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. |
| CVE-2016-1908 | Critical | 9.8 | 2017-04-11 | The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisio… |
| CVE-2010-4478 | Critical | 9.8 | 2010-12-06 | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypa… |
| CVE-2024-6387 | High | 8.1 | 2024-07-01 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an uns… |
| CVE-2016-0778 | High | 8.1 | 2016-01-14 | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forwar… |
| CVE-2015-5600 | High | 8.1 | 2015-08-03 | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices withi… |
| CVE-2016-10012 | High | 7.8 | 2017-01-05 | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all… |
| CVE-2015-8325 | High | 7.8 | 2016-05-01 | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment fi… |
| CVE-2026-35385 | High | 7.5 | 2026-04-02 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is perform… |
| CVE-2026-3497 | High | 7.5 | 2026-03-12 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distrib… |
| CVE-2016-10708 | High | 7.5 | 2018-01-21 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS mess… |
| CVE-2016-8858 | High | 7.5 | 2016-12-09 | The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending… |
| CVE-2016-6515 | High | 7.5 | 2016-08-07 | The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote atta… |
| CVE-2010-5107 | High | 7.5 | 2013-03-07 | The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easie… |
| CVE-2011-0539 | High | 7.5 | 2011-02-10 | The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does… |
| CVE-2016-10009 | High | 7.3 | 2017-01-05 | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by lev… |
| CVE-2014-1692 | High | 7.3 | 2014-01-29 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data str… |
| CVE-2023-51767 | High | 7.0 | 2023-12-24 | OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated… |
| CVE-2021-41617 | High | 7.0 | 2021-09-26 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not i… |
| CVE-2016-10010 | High | 7.0 | 2017-01-05 | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privile… |