101 matches found
SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)
openssh was updated to fix several security issues. These security issues were fixed : - CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote...
SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)
openssh was updated to fix several security issues and bugs. These security issues were fixed : - CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for...
SUSE-SU-2015:1544-1 Security update for openssh
openssh was updated to fix several security issues. These security issues were fixed: CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote...
Amazon Linux: Security Advisory (ALAS-2015-592)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : openssh (ALAS-2015-592)
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
Medium: openssh
Issue Overview: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid ...
Fedora 21 : openssh-6.6.1p1-16.fc21 (2015-13469)
This update provides fixes for vulnerabilities published with openssh-7.0 Security fix for CVE-2015-5600 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much ...
Fedora Update for openssh FEDORA-2015-13469
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
CVE-2015-6563
CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...
CVE-2014-6563
CVE-2014-6563 is described as an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that could allow remote authenticated users to affect confidentiality via unknown vectors. The provided documents do not incl...
CVE-2014-6563
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538...
CVE-2014-4294
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563...
CVE-2012-6563
CVE-2012-6563 affects Elgg prior to 1.8.5. The issue is in engine/lib/access.php where cached access lists are not properly cleared during plugin boot, allowing remote attackers to read private entities via unspecified vectors. Impact is read access to private data; no exploit vectors are detaile...
CVE-2008-6563
CVE-2008-6563 describes a buffer overflow in the XML parser of Trillian, affected as of version 3.1.9.0 (and possibly earlier). A crafted DTD file can be used by a remote attacker to cause a crash and potentially execute arbitrary code. Public references consistently name Trillian Buffer Overflow...
Gentoo Security Advisory GLSA 200702-02 (proftpd)
The remote host is missing updates announced in advisory GLSA 200702-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2007-6563
WinAce (by e-merge GmbH) is vulnerable to a heap-based buffer overflow in 2.65 and earlier (and possibly other versions before 2.69). A specially crafted long filename in a compressed UUE archive can cause a user-assisted remote attacker to execute arbitrary code with the user’s privileges. The J...
CVE-2006-6563
Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...
CVE-2006-6563
Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...
CVE-2006-6563
ProFTPD is affected by a local, stack-based buffer overflow in the mod_ctrls component. The vulnerability resides in the pr_ctrls_recv_request function (ctrls.c) of ProFTPD before 1.3.1rc1, where handling of a large reqarglen length value can allow a local attacker to execute arbitrary code. Affe...