TLS vulnerabilities
Showing 501 - 509 of 509 CVEs
- CVE-2000-0992 Published Dec 19, 2000
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
- CVE-2000-0973 Published Dec 19, 2000
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
- CVE-2000-0999 Published Dec 11, 2000
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
- CVE-2000-0535 Published Jun 12, 2000
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
- CVE-2000-0525 Published Jun 8, 2000
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
- CVE-2000-0217 Published Feb 24, 2000
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
- CVE-2000-0143 Published Feb 11, 2000
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
- CVE-1999-1010 Published Dec 14, 1999
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
- CVE-1999-0428 Published Mar 22, 1999
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.