USN-3885-1: OpenSSH vulnerabilities
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output...
The vulnerability of Cisco IOS and IOS XE operating system SSH servers allows attackers to circumvent security restrictions.
The vulnerability of Cisco IOS and IOS XE operating systems’ SSH servers is related to errors in the mechanisms for checking access to the SSH server, originating from instances of Virtual Routing and Forwarding (VRF). Exploiting this vulnerability can allow a malicious actor to establish an SSH...
ALPINE-CVE-2019-1000018
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission...
DEBIAN-CVE-2019-6109
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
[SECURITY] Fedora 28 Update: openssh-7.8p1-4.fc28
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
The vulnerability of the TeNIX operating system for programmable logic controllers MFC1500 and MFC3000 allows a hacker to gain full access to the system.
The vulnerability of the TeNIX operating system for programmable logic controllers MFC1500 and MFC3000 is related to the use of a default weak password for the root account, information about which is not available in the documentation. Exploiting this vulnerability could allow an attacker,...
[SECURITY] Fedora 29 Update: openssh-7.9p1-3.fc29
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
Cisco IOS and Cisco IOS XE Software Secure Shell Server Access Control Error Vulnerability
Cisco IOS and IOS XE Software are both operating systems developed by Cisco for its network devices. An Access Control Error vulnerability exists in the Secure Shell (SSH) server in Cisco IOS and Cisco IOS XE Software, which stems from a lack of program detection. An attacker could exploit the...
CVE-2018-0484
A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...
Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability
A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...
CVE-2018-9083
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability...
TELEPORT Cross-Site Request Forgery Vulnerability
tp4a TELEPORT is a bastion system. The system supports hopping and management of RDP and SSH protocols. A cross-site request forgery vulnerability exists in tp4a TELEPORT version 3.1.0. A remote attacker can exploit this vulnerability to change arbitrary passwords e.g., administrator password wit...
UBUNTU-CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote...
The vulnerability of the Juniper Device Manager (JDM) operating system, allowing a hacker to gain full access to the device
The vulnerability of the Juniper Device Manager (JDM) operating system is related to the use of a default password for SSHD. Exploiting this vulnerability can allow an attacker to gain full access to the device...
Cradlepoint Router has multiple vulnerabilities
Cradlepoint, the industry leader in Modems and Routers for 4G/LTE networks, provides the highest caliber solutions for enterprise 4G/LTE/Wi-Fi wireless networks and provides managed services to ensure optimal network uptime. Cradlepoint Router has multiple vulnerabilities. An attacker using...
CVE-2018-6441
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...
Authentication flaw
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...
CVE-2018-6441
CVE-2018-6441 involves a local bypass in the Secure Shell implementation of Brocade Fabric OS. Affected: Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d. Root cause: ability for a local attacker to provide arbitrary environment variables, bypassing the restricted configuration shell. Impa...
python-paramiko: Authentication bypass in auth_handler.py
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...