- EPSS 32.42%
- Veröffentlicht 12.03.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:53:45
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVE-2000-1169
- EPSS 1.85%
- Veröffentlicht 09.01.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:53:18
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
- EPSS 5.67%
- Veröffentlicht 19.12.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:52:55
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
- EPSS 11.94%
- Veröffentlicht 11.12.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:52:56
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
- EPSS 2.63%
- Veröffentlicht 08.06.2000 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:55
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVE-2000-0217
- EPSS 0.97%
- Veröffentlicht 24.02.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:14
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
CVE-2000-0143
- EPSS 0.35%
- Veröffentlicht 11.02.2000 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:51:05
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
CVE-1999-1010
- EPSS 1.42%
- Veröffentlicht 14.12.1999 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:49:30
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.