matt johnston

Top products

The 8 most recently published vulnerabilities affecting matt johnston.

• CVE-2021-36369An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change...7.5Oct 12, 2022
• CVE-2020-36254scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.8.1Feb 25, 2021
• CVE-2019-12953Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.5.3Dec 30, 2020
• CVE-2018-15599The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messag...5.3Aug 21, 2018
• CVE-2017-9078The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.8.8May 19, 2017
• CVE-2017-9079Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is ...4.7May 19, 2017
• CVE-2016-7406Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.9.8Mar 3, 2017
• CVE-2016-7407The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.9.8Mar 3, 2017