Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2020/07/27 12:0 a.m.33 views

GLSA-202007-29 : rssh: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-29 rssh: Multiple vulnerabilities Multiple vulnerabilities have been discovered in rssh. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

9.8CVSS8.1AI score0.04869EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2019/12/20 12:0 a.m.48 views

Amazon Linux AMI : rssh (ALAS-2019-1328)

Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitation of arguments...

9.8CVSS8.4AI score0.04869EPSS
Exploits5References4
Amazon
Amazon
added 2019/12/13 12:0 a.m.100 views

Important: rssh

Issue Overview: Insufficient sanitation of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. CVE-2019-3464 Insufficient sanitati...

9.8CVSS9.3AI score0.04869EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.27 views

Fedora 30 : rssh (2019-d1487c13ac)

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS8AI score0.04869EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.31 views

Fedora 31 : rssh (2019-e47add6b2b)

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS8AI score0.04869EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.28 views

Fedora 29 : rssh (2019-bfb407659e)

Fix CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

9.8CVSS8AI score0.04869EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2019/04/12 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-3946-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.04869EPSS
Exploits5References2
Debian
Debian
added 2019/02/22 8:5 p.m.234 views

[SECURITY] [DSA 4377-3] rssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4377-3 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 22, 2019 https://www.debian.org/security/faq - -...

7.8CVSS8.8AI score0.0188EPSS
Exploits5
CVE
CVE
added 2019/02/04 9:0 p.m.149 views

CVE-2019-1000018

CVE-2019-1000018 affects rssh 2.3.4, where allowscp permits CWE-77 (Command Injection) leading to Local command execution. Exploitation is possible by an authorized SSH user with allowscp. Deb‑pack records note a fix version (Debian: 2.3.4-5+deb9u4); Alpine doc confirms the issue. No wider exploi...

7.8CVSS8.6AI score0.0188EPSS
Exploits5References13Affected Software1
AlpineLinux
AlpineLinux
added 2019/02/04 9:0 p.m.29 views

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

7.8CVSS8.9AI score0.0188EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.26 views

Debian DSA-4377-1 : rssh - security update

The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of...

7.8CVSS7.6AI score0.0188EPSS
Exploits5References5
Debian
Debian
added 2019/01/30 7:36 p.m.110 views

[SECURITY] [DLA 1650-1] rssh security update

Package : rssh Version : 2.3.4-4+deb8u1 CVE ID : CVE-2019-1000018 Debian Bug : 919623 The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the scp...

7.8CVSS8.7AI score0.0188EPSS
Exploits5
Debian
Debian
added 2019/01/30 3:26 p.m.71 views

[SECURITY] [DSA 4377-1] rssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 30, 2019 https://www.debian.org/security/faq -...

7.8CVSS8.8AI score0.0188EPSS
Exploits5
Rows per page
Query Builder