Vulnerabilities > SSH

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-27893 Improper Privilege Management vulnerability in SSH Tectia Client
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions.
local
ssh CWE-269
4.4
2021-03-15 CVE-2021-27892 Improper Privilege Management vulnerability in SSH Tectia Client
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation.
local
low complexity
ssh CWE-269
4.6
2021-03-15 CVE-2021-27891 Unspecified vulnerability in SSH Tectia Client
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation.
network
low complexity
ssh
6.5
2012-12-04 CVE-2012-5975 Improper Authentication vulnerability in SSH Tectia Server
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
network
ssh linux CWE-287
critical
9.3
2011-05-31 CVE-2011-0766 Cryptographic Issues vulnerability in multiple products
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
network
low complexity
erlang ssh CWE-310
7.8
2008-11-19 CVE-2008-5161 Information Exposure vulnerability in multiple products
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
network
high complexity
openbsd ssh CWE-200
2.6
2008-01-09 CVE-2007-5616 Permissions, Privileges, and Access Controls vulnerability in multiple products
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
local
low complexity
ssh linux opengroup CWE-264
7.2
2007-04-18 CVE-2007-2063 Permissions, Privileges, and Access Controls vulnerability in SSH Tectia Server 5.0/5.1.0/5.2.0
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
local
ssh CWE-264
4.4
2006-10-24 CVE-2006-5484 Remote Security vulnerability in Tectia Client
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
network
low complexity
ssh
5.0
2006-08-23 CVE-2006-4316 Local Privilege Escalation vulnerability in SSH Tectia Manager Agent Process
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
local
low complexity
ssh
7.2