Approved changes feed: RSS · Atom

cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*

part: a version: 5.4 update: *

VendorOpenbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5)
ProductOpenssh (00fc4953-faf7-5f04-8d3d-4edd44206199)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/openssh/openssh-portable purl2cpe 2026-06-01 10:17:38.304256
pkg:mindrot/openss purl2cpe 2026-06-01 10:17:38.304258
pkg:openbsd/openssh purl2cpe 2026-06-01 10:17:38.304259
pkg:rpm/fedora/openssh purl2cpe 2026-06-01 10:17:38.304261
pkg:rpm/opensuse/openssh purl2cpe 2026-06-01 10:17:38.304262

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-0778 vulnerable 2026-06-08 05:07:16.232129 Details available
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Published: 2016-01-14T00:00:00.000Z
Updated: 2026-05-29T20:28:32.960Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0777 vulnerable 2026-06-08 05:07:16.210202 Details available
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Published: 2016-01-14T00:00:00.000Z
Updated: 2026-05-29T20:30:01.702Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-0814 vulnerable 2026-06-08 05:00:45.529982 Details available
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Published: 2012-01-27T19:00:00.000Z
Updated: 2026-05-22T10:28:10.281Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-5000 vulnerable 2026-06-08 04:59:34.139654 Details available
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Published: 2012-04-04T10:00:00.000Z
Updated: 2024-08-07T00:23:39.092Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4327 vulnerable 2026-06-08 04:59:30.688010 Details available
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Published: 2014-02-03T02:00:00.000Z
Updated: 2026-05-29T20:31:20.769Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-5107 vulnerable 2026-06-08 04:56:32.268367 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4755 vulnerable 2026-06-08 04:56:30.604842 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4478 vulnerable 2026-06-08 04:56:28.618260 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.