Explore top 10 tips to secure your open-source projects now. Read More
×
CVE-2015-5352
OpenSSH incorrectly verified time window deadlines for X connections.
Remote attackers could take advantage of this flaw to bypass intended
access restrictions. Reported by Jann Horn.
CVE-2015-5600
OpenSSH improperly restricted the processing of keyboard-interactive
devices within a single connection, which could allow remote attackers to perform brute-force attacks or cause a denial of service, in a
non-default configuration.
CVE-2015-6563
OpenSSH incorrectly handled usernames during PAM authentication. In
conjunction with an additional flaw in the OpenSSH unprivileged child
process, remote attackers could make use if this issue to perform user
impersonation. Discovered by Moritz Jodeit.
CVE-2015-6564
Moritz Jodeit discovered a use-after-free flaw in PAM support in
OpenSSH, that could be used by remote attackers to bypass
authentication or possibly execute arbitrary code.
CVE-2016-1908
Get the latest Linux and open source security news straight to your inbox.