Lucene search
+L

114 matches found

F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.108 views

K17113: OpenSSH vulnerability CVE-2015-5600

Security Advisory Description The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a...

8.5CVSS6.7AI score0.09302EPSS
Exploits1Affected Software21
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.6 views

SUSE CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6CVSS8.5AI score0.05573EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.3 views

SUSE CVE-2015-5600

The kbdintnextdevice function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service CPU consumptio...

8.5CVSS7.5AI score0.09302EPSS
Exploits1References23
BDU FSTEC
BDU FSTEC
added 2022/12/28 12:0 a.m.10 views

The vulnerability of the kbdint_next_device() function in the sshd service of the OpenSSH security tool allows a attacker to execute a brute-force attack or cause a service failure.

The vulnerability of the kbdintnextdevice function in the sshd service of the OpenSSH cryptographic protection mechanism is related to deficiencies in access control when processing the oKbdInteractiveDevices parameter, which contains a list of methods for authenticating using an interactive...

8.5CVSS6.6AI score0.09302EPSS
Exploits1References23Affected Software19
BDU FSTEC
BDU FSTEC
added 2021/12/24 12:0 a.m.5 views

The vulnerability of the userauth_keyboard_interactive() function in the userauth.c component of the libssh2 library allows a hacker to execute arbitrary code.

The vulnerability of the userauthkeyboardinteractive function in the userauth.c component of the libssh2 library is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9.3CVSS7.6AI score0.06131EPSS
Exploits0References10Affected Software6
Metasploit
Metasploit
added 2020/12/17 5:41 p.m.117 views

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow

This module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 x86 in VirtualBox, VMware Fusion, and VMware...

10CVSS9.7AI score0.79842EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.69 views

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

9.8CVSS7.7AI score0.88944EPSS
Exploits38References16
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.46 views

RHEL 7 : libssh2 (RHSA-2019:2399)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2399 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: Integer overflow in transport read...

9.3CVSS7.3AI score0.09219EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2019/08/07 11:40 a.m.7 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/08/07 11:40 a.m.6 views

libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS7.6AI score0.06131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/30 9:16 a.m.8 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/16 1:50 p.m.8 views

libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS7.6AI score0.06131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/16 1:50 p.m.6 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/07/03 12:0 a.m.26 views

Scientific Linux Security Update : libssh2 on SL6.x i386/x86_64 (20190702)

Security Fixes : - libssh2: Integer overflow in transport read resulting in out of bounds write CVE-2019-3855 - libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write CVE-2019-3856 - libssh2: Integer overflow in SSH packet processing channel resulting in out o...

9.3CVSS7AI score0.09219EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/02 11:55 a.m.8 views

libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS7.6AI score0.06131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/02 11:55 a.m.5 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 6:15 p.m.5 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/03/28 3:35 p.m.3 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

8.8CVSS7.3AI score0.03437EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2019/03/28 12:0 a.m.66 views

libssh2 security update

1.4.3-12.el76.2 - sanitize public header file detected by rpmdiff 1.4.3-12.el76.1 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix integer overflow in SSH packet processing channel resulting in out of bounds write CVE-2019-3857 - fix...

9.3CVSS2.4AI score0.09219EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2019/03/28 12:0 a.m.136 views

Security update for libssh2_org (moderate)

openSUSE Security Update: Security update for libssh2org Announcement ID: openSUSE-SU-2019:1075-1 Rating: moderate References: 1091236 1128471 1128472 1128474 1128476 1128480 1128481 1128490 1128492 1128493 Cross-References: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859...

9.3CVSS7.4AI score0.09219EPSS
Exploits0References10
Rows per page
Query Builder