Known Vulnerabilities for Dropbear Ssh by Dropbear Ssh Project

Listed below are 10 of the newest known vulnerabilities associated with "Dropbear Ssh" by "Dropbear Ssh Project".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2021-36369	An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods...	7.5 - HIGH	2022-10-12	2023-01-20
CVE-2020-36254	scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.	8.1 - HIGH	2021-02-25	2021-09-17
CVE-2019-12953	Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different is...	5.3 - MEDIUM	2020-12-30	2021-07-21
CVE-2018-15599	The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability...	5.3 - MEDIUM	2018-08-21	2020-12-30
CVE-2017-9079	Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file forma...	4.7 - MEDIUM	2017-05-19	2019-10-04
CVE-2017-9078	The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in ...	8.8 - HIGH	2017-05-19	2022-07-11
CVE-2017-2659	It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an inval...	7.5 - HIGH	2019-03-21	2019-10-09
CVE-2016-7407	The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH k...	9.8 - CRITICAL	2017-03-03	2017-03-04
CVE-2016-7406	Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format strin...	9.8 - CRITICAL	2017-03-03	2017-03-04
CVE-2016-3116	CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-comman...	6.4 - MEDIUM	2016-03-22	2016-12-03

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Dropbear Ssh Project	Dropbear Ssh	2018.76	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2017.75	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2016.74	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2016.73	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2016.72	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2015.71	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2015.70	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2015.69	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2015.68	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2015.67	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2014.66	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2014.65	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2014.64	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2014.63	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.62	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.61	test	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.60	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.59	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.58	All	All	All
Application	Dropbear Ssh Project	Dropbear Ssh	2013.57	All	All	All

Results limited to 20 most recent known configurations