ssh CVE Vulnerabilities & CVE List (48)

Products (CPE): — CVEs: 48

ssh vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ssh-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface production workloads and vendor surface software deployment scenarios.

Vulnerability distribution trend (last 24 months)

Showing 4148 of 48 CVEs
«« First « Prev Page 3 / 3 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-1999-1231 ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. [email protected] 5.0 1.48% 1999-06-09 2026-06-16
CVE-1999-1029 SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs. [email protected] 7.5 1.57% 1999-05-13 2026-06-16
CVE-1999-0398 In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login. [email protected] 4.6 0.39% 1999-01-01 2026-06-16
CVE-1999-0248 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. [email protected] 10.0 1.60% 1999-01-01 2026-06-16
CVE-1999-1159 SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. [email protected] 4.6 0.34% 1998-12-29 2026-06-16
CVE-1999-0310 SSH 1.2.25 on HP-UX allows access to new user accounts. [email protected] 7.5 1.49% 1998-09-01 2026-06-16
CVE-1999-1085 SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." [email protected] 5.0 3.16% 1998-06-12 2026-06-16
CVE-1999-0013 Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. [email protected] 8.4 1.09% 1998-01-22 2026-06-16
«« First « Prev Page 3 / 3 Next »
cvelogic Threat Intelligence