Known Vulnerabilities for products from Dropbear Ssh Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Dropbear Ssh Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-48795 json | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2021-36369 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-10-12 | 2023-01-20 |
| CVE-2020-36254 json | scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | 8.1 - HIGH | 2021-02-25 | 2021-09-17 |
| CVE-2019-12953 json | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different is... | 5.3 - MEDIUM | 2020-12-30 | 2021-07-21 |
| CVE-2018-15599 json | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability... | 5.3 - MEDIUM | 2018-08-21 | 2020-12-30 |
| CVE-2017-9079 json | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file forma... | 4.7 - MEDIUM | 2017-05-19 | 2019-10-04 |
| CVE-2017-9078 json | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in ... | 8.8 - HIGH | 2017-05-19 | 2022-07-11 |
| CVE-2017-2659 json | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an inval... | 7.5 - HIGH | 2019-03-21 | 2019-10-09 |
| CVE-2016-7409 json | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process me... | 5.5 - MEDIUM | 2017-03-03 | 2017-03-04 |
| CVE-2016-7408 json | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c ... | 8.8 - HIGH | 2017-03-03 | 2017-03-04 |
| CVE-2016-7407 json | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH k... | 9.8 - CRITICAL | 2017-03-03 | 2017-03-04 |
| CVE-2016-7406 json | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format strin... | 9.8 - CRITICAL | 2017-03-03 | 2017-03-04 |
| CVE-2016-3116 json | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-comman... | 6.4 - MEDIUM | 2016-03-22 | 2016-12-03 |
| CVE-2013-4434 json | Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending o... | 5 - MEDIUM | 2013-10-25 | 2018-10-30 |
| CVE-2013-4421 json | The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of se... | 5 - MEDIUM | 2013-10-25 | 2018-10-30 |
| CVE-2012-0920 json | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authenticat... | 7.1 - HIGH | 2012-06-05 | 2018-10-30 |
| CVE-2007-1099 json | dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which mig... | 7.5 - HIGH | 2007-02-26 | 2018-10-30 |
| CVE-2006-1206 json | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating system... | Not Provided | 2006-03-14 | 2025-04-03 |
| CVE-2005-4178 json | Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs th... | Not Provided | 2005-12-12 | 2025-04-03 |
| CVE-2004-2486 json | The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attacker... | Not Provided | 2004-12-31 | 2025-04-03 |
Known software with vulnerabilities from Dropbear Ssh Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dropbear Ssh Project | Dropbear Ssh | 0.28 |