ssh2 vulnerabilities and exploits
NA
CVE-2002-1644
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 up to and including 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows malicious users to gain certain privileges.
Ssh Ssh2 2.4
Ssh Ssh2 2.5
Ssh Ssh2 3.1.4
Ssh Ssh2 3.2
Ssh Ssh2 3.0
Ssh Ssh2 3.0.1
Ssh Ssh2 3.2.1
Ssh Ssh2 2.2
Ssh Ssh2 2.3
Ssh Ssh2 3.1.2
Ssh Ssh2 3.1.3
Ssh Ssh2 2.0.13
Ssh Ssh2 2.1
Ssh Ssh2 3.1
Ssh Ssh2 3.1.1
NA
CVE-1999-1231
ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote malicious users to determine user account names on the server.
Ssh Ssh2 2.0.10
Ssh Ssh2 2.0.11
Ssh Ssh2 2.0.7
Ssh Ssh2 2.0.8
Ssh Ssh2 2.0.12
Ssh Ssh2 2.0.2
Ssh Ssh2 2.0.9
Ssh Ssh2 2.0.3
Ssh Ssh2 2.0.4
Ssh Ssh2 2.0
Ssh Ssh2 2.0.1
Ssh Ssh2 2.0.5
Ssh Ssh2 2.0.6
NA
CVE-1999-1029
SSH server (sshd2) prior to 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote malicious user to guess the password without showing up in the audit logs.
Ssh Ssh2 2.0.5
Ssh Ssh2 2.0.6
Ssh Ssh2 2.0.3
Ssh Ssh2 2.0.4
Ssh Ssh2 2.0.11
Ssh Ssh2 2.0.2
Ssh Ssh2 2.0.9
Ssh Ssh2 2.0
Ssh Ssh2 2.0.1
Ssh Ssh2 2.0.10
Ssh Ssh2 2.0.7
Ssh Ssh2 2.0.8
NA
CVE-2002-1645
Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote malicious users to execute arbitrary code via a long URL.
Ssh Ssh2 3.2
Ssh Ssh2 3.1
Ssh Ssh2 3.1.3
Ssh Ssh2 3.1.4
Ssh Ssh2 3.1.1
Ssh Ssh2 3.1.2
NA
CVE-2002-1715
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
Ssh Ssh 1.2.0
Ssh Ssh 1.2.16
Ssh Ssh 1.2.1
Ssh Ssh 1.2.10
Ssh Ssh 1.2.18
Ssh Ssh 1.2.19
Ssh Ssh 1.2.25
Ssh Ssh 1.2.26
Ssh Ssh 1.2.4
Ssh Ssh 1.2.5
Ssh Ssh2 2.0.11
Ssh Ssh2 2.0.12
Ssh Ssh2 2.0.7
Ssh Ssh2 2.0.8
Ssh Ssh2 3.0
Ssh Ssh 1.2.11
Ssh Ssh 1.2.12
Ssh Ssh 1.2.2
Ssh Ssh 1.2.20
Ssh Ssh 1.2.27
Ssh Ssh 1.2.28
Ssh Ssh 1.2.6
1 EDB exploit
NA
CVE-2000-0217
The default configuration of SSH allows X forwarding, which could allow a remote malicious user to control a client's X sessions via a malicious xauth program.
Ssh Ssh 1.2.11
Ssh Ssh 1.2.12
Ssh Ssh 1.2.13
Ssh Ssh 1.2.14
Ssh Ssh 1.2.15
Ssh Ssh 1.2.27
Ssh Ssh 1.2.28
Ssh Ssh 1.2.29
Ssh Ssh 1.2.3
Ssh Ssh2 2.0.2
Ssh Ssh2 2.0.3
Ssh Ssh2 2.0.4
Ssh Ssh2 2.0.5
Ssh Ssh 1.2.2
Ssh Ssh 1.2.20
Ssh Ssh 1.2.21
Ssh Ssh 1.2.22
Ssh Ssh 1.2.7
Ssh Ssh 1.2.8
Ssh Ssh 1.2.9
Ssh Ssh2 2.0
Ssh Ssh 1.2.0
10
CVSSv3
CVE-2020-26301
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method...
Ssh2 Project Ssh2
NA
CVE-1999-1159
SSH 2.0.11 and previous versions allow local users to request remote forwarding from privileged ports without being root.
Ssh Ssh2 2.0.11
NA
CVE-2001-0364
SSH Communications Security sshd 2.4 for Windows allows remote malicious users to cause a denial of service via a large number of simultaneous connections.
Ssh Ssh2 2.4
8.8
CVSSv3
CVE-2023-41939
Jenkins SSH2 Easy Plugin 1.4 and previous versions do not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access functionality they're no longer entitled to.
Jenkins Ssh2 Easy