Vulnerabilities (CVE)

Vendor filter

Ssh Subscribe

Product filter

Ssh Subscribe

Filter

15 total CVE
CVE Vendors Products Updated CVSS
CVE-2001-0144 2 Ssh, Openbsd 2 Openssh, Ssh 2018-05-03 10.0
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVE-1999-1029 1 Ssh 1 Ssh2 2017-12-19 7.5
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
CVE-2002-1646 1 Ssh 1 Secure Shell For Servers 2017-07-11 7.5
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
CVE-2002-1645 1 Ssh 1 Ssh2 2017-07-11 10.0
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL.
CVE-2001-1476 1 Ssh 1 Ssh 2017-07-11 7.5
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages...
CVE-2001-1475 1 Ssh 1 Ssh 2017-07-11 7.5
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
CVE-2001-1473 1 Ssh 1 Ssh 2017-07-11 7.5
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is...
CVE-2012-5975 1 Ssh 1 Tectia Server 2012-12-05 9.3
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to...
CVE-2011-0766 2 Erlang, Ssh 3 Crypto, Ssh, Erlang%2fotp 2011-07-13 7.8
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess...
CVE-2005-4310 1 Ssh 1 Tectia Server 2011-03-08 7.5
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
CVE-1999-0310 1 Ssh 1 Ssh 2008-09-09 7.5
SSH 1.2.25 on HP-UX allows access to new user accounts.
CVE-1999-0013 1 Ssh 1 Ssh 2008-09-09 7.5
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-2001-0572 2 Ssh, Openbsd 2 Openssh, Ssh 2008-09-05 7.5
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which...
CVE-2001-0471 1 Ssh 1 Ssh 2008-09-05 7.5
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
CVE-1999-0248 1 Ssh 1 Ssh 2008-09-05 10.0
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.