EUVD-2020-23797

Malware in sbrugna...

PT-2025-13781 · Vyos +2 · Vyos +2

Name of the Vulnerable Software and Affected Versions: VyOS versions 1.3 through 1.5 Description: The issue allows an attacker to conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon, due to the same Dropbear private host keys being used across...

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

MGASA-2017-0165 Updated dropbear packages fix security vulnerability

A double-free in the server could be triggered by an authenticated user if dropbear is running with -a CVE-2017-9078. The default Mageia configuration does not set -a, so is not vulnerable Dropbear parsed authorizedkeys as root, even if it were a symlink. The fix is to switch to user permissions...