42 matches found
CLSA-2026-1778788223 libssh2: Fix of 2 CVEs
CVE-2019-3860: bounds-check SFTP packet sizes in sftppacketrequire/v and sftpbin2attr - CVE-2019-3861: bounds-check paddinglength in libssh2transportread...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3860)
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2019-3860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SS...
K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860
Security Advisory Description CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
Ubuntu 16.04 ESM : libssh2 vulnerabilities (USN-5308-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5308-1 advisory. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote,...
Medium: libssh2
Issue Overview: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 An out of...
Medium: libssh2
Issue Overview: An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 An out of...
SUSE CVE-2019-3860
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
Ubuntu: Security Advisory (USN-5308-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : libssh2_org (SUSE-SU-2019:14099-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2019:14099-1 advisory. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who...
SUSE: Security Advisory (SUSE-SU-2019:13982-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:14099-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1606-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1308)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2019:1606-2 Security update for libssh2_org
This update for libssh2org fixes the following issues: - Fix the previous fix for CVE-2019-3860 bsc1136570, bsc1128481 Out-of-bounds reads with specially crafted SFTP packets...
SUSE-SU-2019:1606-1 Security update for libssh2_org
This update for libssh2org fixes the following issues: - Fix the previous fix for CVE-2019-3860 bsc1136570, bsc1128481 Out-of-bounds reads with specially crafted SFTP packets...
[SECURITY] [DLA 1730-4] libssh2 regression update
Package : libssh2 Version : 1.4.3-4.1+deb8u5 CVE ID : CVE-2019-3860 Several more boundary checks have been backported to libssh2s src/sftp.c. Furthermore, all boundary checks in src/sftp.c now result in an LIBSSH2ERRORBUFFERTOOSMALL error code, rather than a LIBSSH2ERROR OUTOFBOUNDARY error code...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z
Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches Vulnerabili...
openSUSE: Security Advisory for libssh2_org (openSUSE-SU-2019:1640-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : libssh2_org (openSUSE-2019-1640)
This update for libssh2org fixes the following issues : - Fix the previous fix for CVE-2019-3860 bsc1136570, bsc1128481 Out-of-bounds reads with specially crafted SFTP packets This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...