ssh2 vulnerabilities and exploits

4.6
CVSSv2
CVE-1999-1159

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root....

5
CVSSv2
CVE-2001-0364

SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections....

5
CVSSv2
CVE-1999-1231

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server....

10
CVSSv2
CVE-2002-1645

Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL....

7.5
CVSSv2
CVE-1999-1029

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs....

7.2
CVSSv2
CVE-2002-1644

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges....

7.2
CVSSv2
CVE-2002-1715

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access....

SshSsh2
4.6
CVSSv2
CVE-1999-0398

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login....

5.1
CVSSv2
CVE-2000-0217

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program....

7.8
CVSSv2
CVE-2011-1624

Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631....