
2248 matches found

Cisco
added 2019/11/20 4:0 p.m., 69 views

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...

CVSS 5.3, AI score 1.5, EPSS 0.00727
Exploits 0, References 1

BDU FSTEC
added 2019/11/06 12:0 a.m., 2 views

The vulnerability of the SSH_MSG_CHANNEL_REQUEST command in the libssh2 library allows a hacker to execute arbitrary code.

The vulnerability of the SSH_MSG_CHANNEL_REQUEST command in the libssh2 library is related to writing data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to an SSH server...

CVSS 9.3, AI score 7.8, EPSS 0.06131
Exploits 0, References 18, Affected Software 4

BDU FSTEC
added 2019/11/04 12:0 a.m., 2 views

The vulnerability of the libssh2 library, related to errors in handling parameter length mismatches, allows attackers to trigger service failures or gain unauthorized access to protected information.

The vulnerability of the libssh2 library is related to errors in handling mismatches in parameter length. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or gain unauthorized access to protected information by connecting to an SSH server...

CVSS 9.4, AI score 5.5, EPSS 0.05118
Exploits 0, References 13, Affected Software 4

BDU FSTEC
added 2019/11/04 12:0 a.m., 2 views

The vulnerability of the libssh2 library, related to integer overflows, allows an attacker to execute arbitrary code.

The vulnerability of the libssh2 library is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by connecting to an SSH server...

CVSS 9.3, AI score 7.8, EPSS 0.06131
Exploits 0, References 19, Affected Software 4

OSV
added 2019/10/31 5:15 p.m., 1 views

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used...

CVSS 9.8, AI score 7.2, EPSS 0.01487
Exploits 0, References 2

CNVD
added 2019/10/29 12:0 a.m., 4 views

Mitsubishi Electric smartRTU and Inea ME-RTU Trust Management Issue Vulnerability

Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit (RTU) from Mitsubishi Electric, Japan. Inea ME-RTU is an intelligent communication gateway product from Inea, Slovenia. A trust management issue vulnerability exists in Mitsubishi Electric smartRTU version 2.02 and earlier and INEA...

CVSS 9.8, AI score 7, EPSS 0.02085
Exploits 1, References 1

BDU FSTEC
added 2019/10/29 12:0 a.m., 2 views

The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows an intruder to gain access to the device.

The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data (SSH keys). Exploiting this vulnerability allows a remote attacker to gain access to the device via the SSH protocol...

CVSS 10, AI score 5.6, EPSS 0.03261
Exploits 1, References 4, Affected Software 3

BDU FSTEC
added 2019/10/29 12:0 a.m., 2 views

The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows an intruder to gain access to the device.

The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data (root account credentials). Exploiting this vulnerability allows a malicious actor to gain access to the device via SSH and TELNET protocols from a remote location...

CVSS 10, AI score 5.6, EPSS 0.0266
Exploits 1, References 4, Affected Software 3

Positive Technologies
added 2019/10/28 12:0 a.m., 4 views

PT-2019-13868 · Inea · Me-Rtu

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier; INEA ME-RTU devices versions 3.0 and earlier. Description: An issue allows an attacker to gain unauthorized access or disclose encrypted data on the RTU due to hard-coded...

CVSS 9.8, AI score 7.2, EPSS 0.02085
Exploits 1, References 4

Tenable Nessus
added 2019/10/25 12:0 a.m., 85 views

Cisco Wireless LAN Controller Secure Shell (SSH) Denial of Service Vulnerability (cisco-sa-20191016-wlc-ssh-dos)

According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by a denial of service (DoS) vulnerability in its Secure Shell (SSH) component due to insufficient process cleanup. An authenticated, remote attacker can exploit this issue, by repeatedly initiating SSH connections,...

CVSS 8.6, AI score 7.8, EPSS 0.01415
Exploits 0, References 3

OSV
added 2019/10/21 10:15 p.m., 1 views

ALPINE-CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

CVSS 8.1, AI score 7, EPSS 0.03762
Exploits 1, References 1

OSV
added 2019/10/21 10:15 p.m., 0 views

UBUNTU-CVE-2019-17498

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...

CVSS 8.1, AI score 6.7, EPSS 0.03762
Exploits 1, References 7

CISA
added 2019/10/17 12:0 a.m., 10 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity an...

AI score 7.7
Exploits 0, References 7

OSV
added 2019/10/16 7:15 p.m., 1 views

CVE-2019-15262

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...

CVSS 7.5, AI score 5.8
Exploits 0, References 1

NVD
added 2019/10/16 7:15 p.m., 25 views

CVE-2019-15262

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...

CVSS 8.6, AI score 7.7, EPSS 0.01415
Exploits 0, References 1

Vulnrichment
added 2019/10/16 6:36 p.m., 13 views

CVE-2019-15262 Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...

CVSS 8.6, AI score 7.4, EPSS 0.01415
Exploits 0, References 1

Cvelist
added 2019/10/16 6:36 p.m., 19 views

CVE-2019-15262 Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...

CVSS 8.6, AI score 7.5, EPSS 0.01415
Exploits 0, References 1

Cisco
added 2019/10/16 4:0 p.m., 156 views

Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when...

CVSS 8.6, AI score 1.4, EPSS 0.01415
Exploits 0, References 1

RedHat Linux
added 2019/10/14 8:50 a.m., 3 views

atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository

It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output...

CVSS 5.9, AI score 5.8, EPSS 0.01382
Exploits 0, References 5

OSV
added 2019/10/02 7:15 p.m., 2 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 6.5, AI score 6.9, EPSS 0.01879
Exploits 0, References 1