Lucene search
K

32 matches found

FreeBSD
FreeBSD
added 2019/07/14 12:0 a.m.20 views

PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client

Simon Tatham reports: Vulnerabilities fixed in this release include: A malicious SSH-1 server could trigger a buffer overrun by sending extremely short RSA keys, or certain bad packet length fields. Either of these could happen before host key verification, so even if you trust the server you...

2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2015/10/30 9:17 a.m.31 views

CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows th...

7.5CVSS7.1AI score0.06268EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/10/14 12:0 a.m.440 views

Deprecated SSH-1 Protocol Detection

The host is running SSH and is providing / accepting one or more deprecated versions of the SSH protocol which have known cryptographic flaws. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.5CVSS8.3AI score0.07032EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2006/10/10 12:0 a.m.146 views

SOL6736 - OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924

This security advisory describes an OpenSSH Signal Handling vulnerability CVE-2006-5051. A remote attacker could possibly leverage this flaw to cause a denial of service. This security advisory also describes a denial of service bug CVE-2006-4924 in the OpenSSH sshd server. A remote attacker can...

9.3CVSS8.1AI score0.44963EPSS
Exploits8
Cvelist
Cvelist
added 2005/04/21 4:0 a.m.43 views

CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows th...

6.3AI score0.06268EPSS
Exploits0References2
CVE
CVE
added 2005/04/21 4:0 a.m.48 views

CVE-2001-1466

CVE-2001-1466 : The connected sources confirm a vulnerability in VanDyke SecureCRT (pre-3.4.2) where a buffer overflow is triggered by a long username or password when using the SSH-1 protocol , allowing remote code execution. The description is consistent across NVD/CVE records; exploitation det...

7.5CVSS8.3AI score0.03982EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/04/21 4:0 a.m.324 views

CVE-2001-1473

CVE-2001-1473 : The SSH-1 protocol vulnerability allows a remote attacker to perform man-in-the-middle and replay attacks by crafting a Session ID that matches the target’s Session ID but uses a weaker public key, enabling the attacker to compute the corresponding private key and masquerade as th...

7.5CVSS6.3AI score0.06268EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2001/12/30 5:0 a.m.17 views

CVE-2001-1466

Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long 1 username or 2 password...

7.5CVSS7.9AI score0.03982EPSS
Exploits0References3
CVE
CVE
added 2001/09/18 4:0 a.m.271 views

CVE-2001-0361

CVE-2001-0361 affects SSH v1.5 implementations, notably OpenSSH up to 2.3.0, AppGate, and ssh-1 up to 1.2.31, when configured in certain ways. The issue enables a remote attacker to decrypt and/or alter traffic via a Bleichenbacher attack on PKCS#1 version 1.5. The connected PT security entries (...

4CVSS9.2AI score0.02501EPSS
Exploits0References10Affected Software2
CVE
CVE
added 2001/05/24 4:0 a.m.66 views

CVE-2001-0471

CVE-2001-0471 applies to SSH1 (SSH server 1.2.30 or earlier). The issue is that SSH1 SSH Daemon does not log repeated login attempts, which could allow remote attackers to carry out brute-force-style account compromises without detection. Multiple connected sources (NVD/Nessus/OpenVAS entries) co...

7.5CVSS6.7AI score0.05574EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2001/01/18 5:0 a.m.35 views

CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows th...

7.5CVSS6.4AI score0.06268EPSS
Exploits0References2
CERT
CERT
added 2000/11/07 12:0 a.m.25 views

SSH-1 allows client authentication to be forwarded by a malicious server to another server

Overview A design flaw in the SSH-1 protocol allows a malicious server to establish two concurrent sessions with the same session ID, allowing a man-in-the-middle attack. The client must accept unknown host keys from the malicious server to enable exploitation of this vulnerability. Description...

6.8AI score
Exploits0References2
Rows per page
Query Builder