CVE-2020-15157 containerd can be coerced into leaking credentials during image pull
In containerd (an industry-standard container runtime) before version 1.2.14, there is a credential-leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer, otherwise known as a “foreign...
CVE-2020-8912
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
Authentication flaw
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
Denial Of Service (DoS)
libssh is vulnerable to denial of service (DoS). The vulnerability exists because of a flaw in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES, if enabled) ciphers...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1699)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.6.0 : libssh (EulerOS-SA-2020-1699)
According to the version of the libssh package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled...
StegCloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...
FreeBSD : Client/server denial of service when handling AES-CTR ciphers (3d7dfd63-823b-11ea-b3a8-240a644dd835)
The libssh team reports (originally reported by Yasheng Yang from Google): A malicious client or server could crash the counterpart implemented with libssh when AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to clean up the AES-CTR ciphers when closing the...
EulerOS 2.0 SP8 : libssh (EulerOS-SA-2020-1509)
According to the version of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES, if enabled) ciphers. The server or...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1509)
The remote host is missing an update for the Huawei EulerOS...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh when AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to clean up the AES-CTR ciphers when closing the connection (CVE-2020-1730)...
MGASA-2020-0171 Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh when AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to clean up the AES-CTR ciphers when closing the connection (CVE-2020-1730)...
GLSA-202004-08 : libssh: Denial of service
The remote host is affected by the vulnerability described in GLSA-202004-08 (libssh: Denial of service). It was discovered that libssh could crash when AES-CTR ciphers are used. Impact: A remote attacker running a malicious client or server could possibly crash the counterpart implemented with...
openSUSE Security Update : libssh (openSUSE-2020-510)
This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc1168699). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2020-1730
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES, if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The bigges...
Design/Logic Flaw
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES, if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The bigges...
CVE-2020-1730
The CVE-2020-1730 vulnerability affects libssh versions before 0.8.9 and before 0.9.4, caused by how AES-CTR (or DES, if enabled) ciphers are handled. If a connection isn’t fully initialized, cleaning up these ciphers on close can crash the server or client, impacting availability. Upgrading to l...