cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*

part: a version: 2 update: *

Vendor: Openbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5)
Product: Openssh (00fc4953-faf7-5f04-8d3d-4edd44206199)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/openssh/openssh-portable | purl2cpe | 2026-06-01 10:17:38.303164
pkg:mindrot/openss | purl2cpe | 2026-06-01 10:17:38.303166
pkg:openbsd/openssh | purl2cpe | 2026-06-01 10:17:38.303167
pkg:rpm/fedora/openssh | purl2cpe | 2026-06-01 10:17:38.303169
pkg:rpm/opensuse/openssh | purl2cpe | 2026-06-01 10:17:38.303170

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2012-0814 vulnerable 2026-06-08 05:00:45.490149 Details available
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Published: 2012-01-27T19:00:00.000Z
Updated: 2026-05-22T10:28:10.281Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4327 vulnerable 2026-06-08 04:59:30.648601 Details available
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Published: 2014-02-03T02:00:00.000Z
Updated: 2026-05-29T20:31:20.769Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-4109 vulnerable 2026-06-08 04:50:37.870142 Details available
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Published: 2008-09-17T18:06:00.000Z
Updated: 2024-08-07T10:00:42.727Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2003-1562 vulnerable 2026-06-08 04:47:47.905049 Details available
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
Published: 2008-08-04T10:00:00.000Z
Updated: 2024-09-16T19:56:09.880Z
Imported from gcve-enriched-dumps CVE data
