Search
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2009-01-29 | 6.8 MEDIUM | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | |||||
| CVE-2003-0787 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. | |||||
| CVE-2003-0786 | 1 Openbsd | 1 Openssh | 2008-09-10 | 10.0 HIGH | N/A |
| The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||||
| CVE-2002-0765 | 1 Openbsd | 2 Openbsd, Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. | |||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||||
| CVE-2000-0217 | 2 Openbsd, Ssh | 3 Openssh, Ssh, Ssh2 | 2008-09-10 | 5.1 MEDIUM | N/A |
| The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. | |||||
| CVE-2000-0143 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2008-09-10 | 4.6 MEDIUM | N/A |
| The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. | |||||
| CVE-2001-1382 | 1 Openbsd | 1 Openssh | 2008-09-05 | 5.0 MEDIUM | N/A |
| The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | |||||
| CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
| CVE-2000-0999 | 1 Openbsd | 1 Openssh | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. | |||||
| CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2008-09-05 | 7.6 HIGH | N/A |
| sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | |||||