Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

OpenSSH MaxAuthTries Bypass

The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms. The kbdintnextdevice function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacke...

User Friendly Interactive Shell: Fish

Fish is a smart and user-friendly command line shell for OS X, Linux, and the rest of the family. fish includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required. FISH is designed to work with any other shell like...

Linux Memory Scanner: scanmem

Linux Memory Scanner scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times. After several scans of the process, scanmem...

[SECURITY] Fedora 22 Update: ipython-2.4.1-8.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

OpenSSH keyboard-interactive authentication brute force vulnerability

OpenSSH（OpenBSD Secure Shell）是OpenBSD计划组所维护的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 6.9及之前版本的sshd中的auth2-chall.c文件中的‘kbdintnextdevice’函数存在安全漏洞。远程攻击者利用该漏洞可借助ssh -oKbdInteractiveDevices选项中较长且重复的列表实施暴力破解攻击，或造成拒绝服务（CPU消耗）。 ---snip--- diff...

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

USN-2710-2 openssh regression

USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled...

USN-2710-2: OpenSSH regression

USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled...

Ubuntu 14.04 LTS : OpenSSH vulnerabilities (USN-2710-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2710-1 advisory. Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the...

Ubuntu: Security Advisory (USN-2710-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2710-1 openssh vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...

Debian DLA-288-2 : openssh regression update

In Debian LTS squeeze, the fix for CVE-2015-56001 in openssh 1:5.5p1-6+squeeze7 breaks authentication mechanisms that rely on the keyboard-interactive method. Thanks to Colin Watson for making aware of that. The patch fixing CVE-2015-5600 introduces the field 'devicesdone' to the KbdintAuthctxt...

[SECURITY] [DLA 288-1] openssh security update

Package : openssh Version : 1:5.5p1-6+squeeze6 CVE ID : CVE-2015-5352 CVE-2015-5600 Debian Bug : 790798 793616 A recent upload of OpenSSH to Debian squeeze-lts fixes two security issues. CVE-2015-5352 It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made...

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

DLA-288-1 openssh - security update

Bulletin has no description...

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

OpenSSH sshd vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

DEBIAN-CVE-2015-5600

The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumptio...

CVE-2015-5600

The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumptio...