Vulnerabilities > SSH
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-23 | CVE-2006-4315 | Privilege Escalation vulnerability in SSH Tectia Windows Path Specification Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | 7.2 |
2005-12-17 | CVE-2005-4310 | Authentication Authorization Bypass vulnerability in SSH Tectia Server 5.0.0A/5.0.0F/5.0.0T SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials. | 7.5 |
2005-07-05 | CVE-2005-2146 | Local Security vulnerability in SSH Tectia Server 4.3.1 SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. | 4.6 |
2003-12-31 | CVE-2003-1120 | Unspecified vulnerability in SSH Tectia Server 4.0.3/4.0.4 Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key. | 3.7 |
2003-12-31 | CVE-2003-1119 | Denial-Of-Service vulnerability in SSH Secure Shell 3.1/3.2 SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. | 5.0 |
2002-12-31 | CVE-2002-1715 | Unspecified vulnerability in SSH and Ssh2 SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. | 7.2 |
2002-12-31 | CVE-2002-1646 | Unspecified vulnerability in SSH Secure Shell FOR Servers SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. | 7.5 |
2002-11-25 | CVE-2002-1645 | Buffer Overflow vulnerability in SSH Communications Secure Shell Windows Client URL Catcher Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | 10.0 |
2002-11-25 | CVE-2002-1644 | Privilege Escalation vulnerability in SSH Communications SSH Server SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | 7.2 |
2001-08-22 | CVE-2001-0572 | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | 7.5 |