Ansible: Information leak in "user" module
The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...
PT-2018-13771 · Openstack +1 · Openstack-Mistral +1
Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: A flaw in openstack-mistral allows the disclosure of the presence of arbitrary files within the filesystem of the executor running the action. This is achieved by manipulating the...
BSA-2018-734
Security Advisory ID : BSA-2018-734 Component : Secure Shell Revision : 1.0: Initial A vulnerability in Brocade Fabric OS Secure Shell implementation could allow a local attacker to provide arbitrary environment variables, which can be used to bypass the restricted configuration shell. Affected...
Juniper Device Manager Unauthorized Access Vulnerability
Juniper NFX Series is an NFX Series network security appliance from Juniper Networks, Inc. Juniper Device Manager (JDM) is one of the device management components; host OS is one of the host operating systems. A security vulnerability exists in Juniper Device Manager (JDM) and host OS on Juniper NFX...
Libssh Server-Side Authentication Bypass Vulnerability
libssh is a C library that implements the SSH2 protocol. An authentication bypass vulnerability exists on the server side of libssh. By providing the SSH2_MSG_USERAUTH_SUCCESS message to the server in place of the SSH2_MSG_USERAUTH_REQUEST message that the server normally initiates authentication with,...
CVE-2018-13802
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network...
GHSA-F2J6-WRHH-V25M Paramiko Authentication Bypass vulnerability
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...
SIEMENS ROX II elevation of privilege vulnerability (CNVD-2018-20533)
SIMATIC ROX II is a ROX-based VPN endpoint and firewall device for connecting devices that operate in harsh environments, such as power substations and traffic control cabinets. An elevation of privilege vulnerability exists in SIMATIC ROX II. An authenticated attacker with elevated user account...
DEBIAN-CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...
PT-2018-2950
Name of the Vulnerable Software and Affected Versions: Paramiko versions 1.17.6 through 2.4.1 Description: The issue is related to insufficient access control in the Paramiko library, which can be exploited by a remote attacker to execute arbitrary code using the SSH protocol. This can result in...
CVE-2018-15399 Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability
A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The...
Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability
A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The...
CVE-2018-11750
Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting an SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default...
[SECURITY] Fedora 27 Update: openssh-7.6p1-6.fc27
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
CVE-2018-15481
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in...
ALPINE-CVE-2018-15599
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
CloudBees Jenkins SSH Agent Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of timed tasks. SSH Agent Plugin is used in one of the plug-ins used to provi...
CVE-2018-0710
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands...
Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability
A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete...
PT-2018-3907 · Cisco · Cisco Fxos +2
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software versions prior to the fixed version Cisco NX-OS Software versions prior to the fixed version Description: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an...