Known Vulnerabilities for products from Dropbear Ssh Project
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Dropbear Ssh Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-36369 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-10-12 | 2023-01-20 |
| CVE-2020-36254 | scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | 8.1 - HIGH | 2021-02-25 | 2021-09-17 |
| CVE-2019-12953 | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different is... | 5.3 - MEDIUM | 2020-12-30 | 2021-07-21 |
| CVE-2018-15599 | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability... | 5.3 - MEDIUM | 2018-08-21 | 2020-12-30 |
| CVE-2017-9079 | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file forma... | 4.7 - MEDIUM | 2017-05-19 | 2019-10-04 |
| CVE-2017-9078 | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in ... | 8.8 - HIGH | 2017-05-19 | 2022-07-11 |
| CVE-2017-2659 | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an inval... | 7.5 - HIGH | 2019-03-21 | 2019-10-09 |
| CVE-2016-7409 | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process me... | 5.5 - MEDIUM | 2017-03-03 | 2017-03-04 |
| CVE-2016-7408 | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c ... | 8.8 - HIGH | 2017-03-03 | 2017-03-04 |
| CVE-2016-7407 | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH k... | 9.8 - CRITICAL | 2017-03-03 | 2017-03-04 |
| CVE-2016-7406 | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format strin... | 9.8 - CRITICAL | 2017-03-03 | 2017-03-04 |
| CVE-2016-3116 | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-comman... | 6.4 - MEDIUM | 2016-03-22 | 2016-12-03 |
| CVE-2013-4434 | Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending o... | 5 - MEDIUM | 2013-10-25 | 2018-10-30 |
| CVE-2013-4421 | The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of se... | 5 - MEDIUM | 2013-10-25 | 2018-10-30 |
| CVE-2012-0920 | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authenticat... | 7.1 - HIGH | 2012-06-05 | 2018-10-30 |
| CVE-2007-1099 | dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which mig... | 7.5 - HIGH | 2007-02-26 | 2018-10-30 |
| CVE-2006-1206 | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating system... | 5 - MEDIUM | 2006-03-14 | 2018-10-30 |
| CVE-2005-4178 | Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs th... | 6.5 - MEDIUM | 2005-12-12 | 2018-10-30 |
| CVE-2004-2486 | The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attacker... | 7.5 - HIGH | 2004-12-31 | 2018-10-30 |
Known software with vulnerabilities from Dropbear Ssh Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dropbear Ssh Project | Dropbear Ssh | 0.28 |