CVE-2016-7409 is a local information-disclosure issue in Dropbear SSH. On affected versions before 2016.74, dbclient and server builds compiled with DEBUG_TRACE can let a local user read process memory via the -v argument, in a path related to a failed remote ident. The NVD record classifies it as CWE-200 with CVSS 5.5 (medium), reflecting that the issue requires local access and affects confidentiality r [truncated]
CVE-2016-7408 is a high-severity flaw in Dropbear SSH’s dbclient component. Versions through 2016.73 are affected, and the issue was publicly disclosed on 2017-03-03. NVD rates the impact as high and maps the weakness to CWE-284 (Improper Access Control).
CRITICALDropbear SSH ProjectCVE published 2017-03-03
CVE-2016-7407 is a critical vulnerability in Dropbear SSH’s dropbearconvert command. According to the NVD record, versions through 2016.73 are affected, and a crafted OpenSSH key file can lead to arbitrary code execution. The NVD CVSS v3.0 vector rates the issue 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a remotely reachable, unauthenticated risk with high impact.
CRITICALDropbear SSH ProjectCVE published 2017-03-03
CVE-2016-7406 is a critical vulnerability in Dropbear SSH before 2016.74. NVD describes a format string issue in the username or host argument that can allow remote attackers to execute arbitrary code, with a network-exploitable CVSS 3.0 score of 9.8.
