Note: This project will be discontinued after December 13, 2021.

Product: Openssh (Openbsd)

Repositories:
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable

#Vulnerabilities: 114

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2001-08-22 | CVE-2001-0572 | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | Openssh, Ssh | N/A | ||
2001-08-14 | CVE-2001-0529 | OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | Openssh | N/A | ||
2001-06-27 | CVE-2001-0361 | Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | Openssh, Ssh | N/A | ||
2001-03-12 | CVE-2001-0144 | CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. | Openssh, Ssh | N/A | ||
2001-01-09 | CVE-2000-1169 | OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. | Openssh | N/A | ||
2000-12-11 | CVE-2000-0999 | Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. | Openssh | N/A | ||
2000-12-19 | CVE-2000-0992 | Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. | Openssh, Ssh | N/A | ||
2000-06-08 | CVE-2000-0525 | OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. | Openssh | N/A | ||
2000-02-24 | CVE-2000-0217 | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. | Openssh, Ssh, Ssh2 | N/A | ||
1999-12-14 | CVE-1999-1010 | An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. | Openssh | N/A | ||