Dropbear Ssh Project Dropbear Ssh — known CVE vulnerabilities
Every CVE whose affected-product data names Dropbear Ssh Project Dropbear Ssh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2016-7407 — CVSS 9.8 (critical): The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
CVE-2016-7406 — CVSS 9.8 (critical): Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers…
CVE-2017-9078 — CVSS 8.8 (high): The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP…
CVE-2016-7408 — CVSS 8.8 (high): The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVE-2020-36254 — CVSS 8.1 (high): scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
CVE-2004-2486 — CVSS 7.5 (high): The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain…
CVE-2007-1099 — CVSS 7.5 (high): dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow…
CVE-2021-36369 — CVSS 7.5 (high): An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the…
CVE-2012-0920 — CVSS 7.1 (high): Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are…
CVE-2005-4178 — CVSS 6.5 (medium): Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause…
CVE-2016-3116 — CVSS 6.4 (medium): CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2016-7409 — CVSS 5.5 (medium): The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the…
CVE-2018-15599 — CVSS 5.3 (medium): The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because…
CVE-2017-2659 — CVSS 5.3 (medium): It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is…
CVE-2019-12953 — CVSS 5.3 (medium): Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than…
CVE-2013-4434 — CVSS 5.0 (medium): Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the…
CVE-2013-4421 — CVSS 5.0 (medium): The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory…
CVE-2006-1206 — CVSS 5.0 (medium): Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows…
CVE-2017-9079 — CVSS 4.7 (medium): Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a…