An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injectio

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a

Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to ex

SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call

SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simul

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a m

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.