The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
|17704||OpenSSH S/KEY Authentication Account Enumeration||Nessus||Misc.|
|44078||OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass||Nessus||Misc.|
|55992||SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure||Nessus||Misc.|
|4209||OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass||Nessus Network Monitor||SSH|