Page 5 of 25 results (0.006 seconds)

CVSS: 5.1EPSS: 0%CPEs: 46EXPL: 0

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. • http://www.securityfocus.com/bid/1006 •

CVSS: 4.6EPSS: 0%CPEs: 30EXPL: 0

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0143 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

The SSH authentication agent follows symlinks via a UNIX domain socket. • https://www.exploit-db.com/exploits/19510 http://marc.info/?l=bugtraq&m=93760201002154&w=2 http://marc.info/?l=bugtraq&m=93832856804415&w=2 http://www.securityfocus.com/bid/660 •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0398 •

CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 0

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. • http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1 •