Filtered by vendor Ssh
Subscribe
Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2023-12-10 | 7.5 HIGH | N/A |
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
CVE-2003-1120 | 1 Ssh | 1 Tectia Server | 2023-12-10 | 3.7 LOW | N/A |
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key. | |||||
CVE-2001-1474 | 1 Ssh | 1 Ssh | 2023-12-10 | 5.0 MEDIUM | N/A |
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
CVE-2001-0259 | 1 Ssh | 1 Ssh | 2023-12-10 | 3.6 LOW | N/A |
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file. | |||||
CVE-2002-1645 | 1 Ssh | 1 Ssh2 | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | |||||
CVE-1999-0248 | 1 Ssh | 1 Ssh | 2023-12-10 | 10.0 HIGH | N/A |
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |