2247 matches found
[SECURITY] Fedora 23 Update: openssh-7.1p2-1.fc23
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
DEBIAN-CVE-2016-0778
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...
DEBIAN-CVE-2016-0777
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...
OpenSSH: Client Information leak due to use of roaming connection feature
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory possibly including private SSH keys of a successfully authenticated OpenSSH client...
SSH Authentication Backdoor Vulnerability in Fortigate Firewalls
FortiGate is a network firewall product from Fortinet for defending against network attacks and malicious code at the network and content layers. The FortiGate firewall has an SSH authentication backdoor vulnerability. FortiGate firewall Fortimanager_Access user's password is...
Hackers Cause World's First Power Outage with Malware
SCADA systems have always been an interesting target for cyber crooks, given the success of the Stuxnet malware that was developed by the US and Israel together to sabotage the Iranian nuclear facilities a few years ago, and "Havex" that previously targeted organizations in the energy sector. Now once...
The vulnerability of the ScreenOS operating system, related to deficiencies in authentication procedures, allows a perpetrator to connect to the device with administrator privileges.
The vulnerability of the ScreenOS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain administrator privileges by entering a specially crafted password when connecting to the device via SSH ...
Backdoor Vulnerability in Juniper Networks ScreenOS (CNVD-2015-08307)
ScreenOS is an operating system developed by Juniper Networks that runs on the NetScreen family of firewall products. An unauthorized access vulnerability exists in Juniper Networks ScreenOS, which can be exploited by an attacker to remotely gain administrative access to the device via SSH or...
Cisco Unified Computing System (UCS) Denial of Service Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. A security vulnerability exists in the SSH management interface of the Fabric Interconnect 6200 appliance. A remote attacker could cause a denial...
Cisco Prime Collaboration Assurance Default Account Credentials Vulnerability
Cisco Prime Collaboration Assurance (PCA) is a set of enterprise collaboration network management solutions from Cisco. A security vulnerability exists in Cisco PCA prior to version 11.0. A remote attacker could exploit the vulnerability to gain access by creating an SSH session with a known accoun...
Multiple Huawei eSpace switch denial of service vulnerabilities
Huawei eSpace U1910, eSpace U1911, eSpace U1930, eSpace U1960, eSpace U1980, and eSpace U1981 are eSpace U1900 series switch products from Huawei, China. A security vulnerability exists in the exception handling mechanism in the CLI Module of several Huawei eSpace switches, which allows remote...
Cisco Aironet SSHv2 Handling Denial of Service Vulnerability
Cisco Aironet is a wireless access point product from Cisco. A security vulnerability exists in Cisco Aironet that allows remote attackers to exploit the vulnerability to submit an excessive number of SSHv2 connections, consume a large amount of the device's CPU, and conduct denial of service...
The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure
The vulnerability of the launchd component in the Mac OS X operating system is related to the lack of restrictions on the creation of processes that use network connections. Exploiting this vulnerability allows a malicious actor to cause service failure by connecting multiple devices to the SSH...
Apple OS X SSH Link Denial of Service Vulnerability
Apple OS X is an operating system developed by Apple Inc. launchd in Apple OS X fails to properly limit the number of processes, allowing attackers to open multiple SSH connections and cause a denial of service...
Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
The Cisco Secure Access Control System is an access policy control platform. A security vulnerability exists within the Secure Shell (SSH) of the Cisco Secure Access Control Server (ACS), which can be exploited by a remote attacker to cause an unexpected termination of the SSH screen process,...
Sysax Multi Server 6.40 - SSH Component Denial of Service
Exploit title: Sysax Multi Server 6.40 ssh component denial of service vulnerability. Date: 29-8-2015. Vendor homepage: http://www.sysax.com. Software Link: http://www.sysax.com/download/sysaxservsetup.msi. Version: 6.40. Author: 3unnym00n. Details: by...
OpenSSH sshd monitor.c file memory misreference vulnerability
OpenSSH (OpenBSD Secure Shell) on non-OpenBSD platforms is a set of connectivity tools, maintained by the OpenBSD Project, for secure access to remote computers running on non-OpenBSD UNIX platforms. A memory misreference vulnerability exists in the 'mm_answer_pam_free_ctx'...
The vulnerability of the firmware of Sierra Wireless’ wireless gateways (AirLink GX450, AirLink ES440, AirLink GX440, and AirLink LS300) allows a hacker to gain access to the device with administrator privileges.
The vulnerability of the firmware in Sierra Wireless’ wireless gateways (AirLink GX450, AirLink ES440, AirLink GX440, and AirLink LS300) is related to the presence of a pre-installed user with administrator privileges. Exploiting this vulnerability allows a malicious actor to gain...
PT-2015-5967 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle
Name of the Vulnerable Software and Affected Versions: Mobile Devices (aka MDI) C4 OBD-II dongles versions 2.x through 3.4.x. Description: The issue allows remote attackers to gain access by leveraging knowledge of a private key from another installation, as the SSH private keys stored are the same...
[SECURITY] Fedora 22 Update: openssh-6.9p1-5.fc22
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...