OpenBSD OpenSSH 4.5
Approved changes feed: RSS · Atom
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
part: a version: 4.5 update: *
| Vendor | Openbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5) |
|---|---|
| Product | Openssh (00fc4953-faf7-5f04-8d3d-4edd44206199) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/openssh/openssh-portable |
purl2cpe | 2026-06-01 10:17:38.304057 |
pkg:mindrot/openss |
purl2cpe | 2026-06-01 10:17:38.304059 |
pkg:openbsd/openssh |
purl2cpe | 2026-06-01 10:17:38.304060 |
pkg:rpm/fedora/openssh |
purl2cpe | 2026-06-01 10:17:38.304062 |
pkg:rpm/opensuse/openssh |
purl2cpe | 2026-06-01 10:17:38.304063 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2012-0814 |
vulnerable | 2026-06-08 05:00:45.524387 |
Details available
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Published: 2012-01-27T19:00:00.000Z
Updated: 2026-05-22T10:28:10.281Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-5000 |
vulnerable | 2026-06-08 04:59:34.139495 |
Details available
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Published: 2012-04-04T10:00:00.000Z
Updated: 2024-08-07T00:23:39.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4327 |
vulnerable | 2026-06-08 04:59:30.682465 |
Details available
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Published: 2014-02-03T02:00:00.000Z
Updated: 2026-05-29T20:31:20.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-5107 |
vulnerable | 2026-06-08 04:56:32.268124 |
Details available
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Published: 2013-03-07T20:00:00.000Z
Updated: 2026-05-29T20:32:32.155Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-4755 |
vulnerable | 2026-06-08 04:56:30.604674 |
Details available
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
Published: 2011-03-02T19:00:00.000Z
Updated: 2024-08-07T03:55:34.968Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-4478 |
vulnerable | 2026-06-08 04:56:28.611888 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-3259 |
vulnerable | 2026-06-08 04:50:33.782253 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1657 |
vulnerable | 2026-06-08 04:50:21.276706 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-4752 |
vulnerable | 2026-06-08 04:49:57.107770 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-2243 |
vulnerable | 2026-06-08 04:49:44.473411 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2006-4925 |
vulnerable | 2026-06-08 04:49:19.235495 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2001-1029 |
vulnerable | 2026-06-08 04:45:21.302561 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2001-0572 |
vulnerable | 2026-06-08 04:45:20.517688 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2000-0999 |
vulnerable | 2026-06-08 04:45:19.125367 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.