The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
|701162||OpenSSH < 5.9 Multiple DoS||Nessus Network Monitor||SSH|
|127415||NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)||Nessus||NewStart CGSL Local Security Checks|
|127206||NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036)||Nessus||NewStart CGSL Local Security Checks|
|73958||GLSA-201405-06 : OpenSSH: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|17703||OpenSSH < 5.9 Multiple DoS||Nessus||Denial of Service|