openssh (SUSE:Manager Proxy 2.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Proxy 2.1 package openssh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2016-1908 — CVSS 9.8 (critical): The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for…
CVE-2015-8325 — CVSS 7.8 (high): The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read…
CVE-2016-8858 — CVSS 7.5 (high): The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory…
CVE-2016-6515 — CVSS 7.5 (high): The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication…
CVE-2016-10009 — CVSS 7.3 (high): Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local…
CVE-2016-3115 — CVSS 6.4 (medium): Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended…
CVE-2016-10011 — CVSS 6.2 (medium): authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local…
CVE-2016-6210 — CVSS 5.9 (medium): sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the…