This page lists publicly disclosed CVE vulnerabilities affecting ssh ssh2 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2002-1715 | SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. | [email protected] | 7.2 | 0.89% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1645 | Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | [email protected] | 10.0 | 7.87% | 2002-11-25 | 2026-06-16 |
| CVE-2002-1644 | SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | [email protected] | 7.2 | 0.45% | 2002-11-25 | 2026-06-16 |
| CVE-2001-0364 | SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections. | [email protected] | 5.0 | 1.61% | 2001-06-27 | 2026-06-16 |
| CVE-2000-0217 | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. | [email protected] | 5.1 | 0.97% | 2000-02-24 | 2026-06-16 |
| CVE-1999-1231 | ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. | [email protected] | 5.0 | 1.48% | 1999-06-09 | 2026-06-16 |
| CVE-1999-1029 | SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs. | [email protected] | 7.5 | 1.57% | 1999-05-13 | 2026-06-16 |
| CVE-1999-0398 | In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. | [email protected] | 4.6 | 0.39% | 1999-01-01 | 2026-06-16 |
| CVE-1999-1159 | SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. | [email protected] | 4.6 | 0.34% | 1998-12-29 | 2026-06-16 |