CVE-2023-48795

< 2022.83

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker

5.9MEDIUM

CVE-2021-36369

<= 2020.81

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in t

7.5HIGH

CVE-2020-36254

< 2020.79

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

8.1HIGH

CVE-2019-12953

>= 2011.54 and <= 2018.76

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue t

5.3MEDIUM

CVE-2017-2659

< 2013.59

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid us

5.3MEDIUM

CVE-2018-15599

<= 2018.76

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability beca

5.3MEDIUM

CVE-2017-9079

< 2017.75

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format wit

4.7MEDIUM

CVE-2017-9078

< 2017.75

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in clean

8.8HIGH

CVE-2016-7409

<= 2016.73

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory

5.5MEDIUM

CVE-2016-7408

<= 2016.73

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argum

8.8HIGH

CVE-2016-7407

<= 2016.73

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key fi

9.8CRITICAL

CVE-2016-7406

<= 2016.73

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string spe

9.8CRITICAL

CVE-2016-3116

<= 2015.71

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command res

6.4MEDIUM

CVE-2013-4434

< 2013.59

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whe

CVE-2013-4421

< 2013.59

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service

CVE-2012-0920

>= 0.52 and <= 2012.54

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication a

CVE-2007-1099

< 0.49

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might al

CVE-2006-1206

<= 0.47

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, al

CVE-2005-4178

< 0.47

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that ca

CVE-2004-2486

< 0.43

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to