898 matches found
The vulnerability of the `kex_method_diffie_hellman_group_exchange_sha256_key_exchange` function in the `kex.c` component of the SSH2 protocol implementation library Libssh2 allows a attacker to access confidential data and also trigger a denial-of-service attack.
The vulnerability of the kexmethoddiffiehellmangroupexchangesha256keyexchange function in the kex.c component of the SSH2 protocol implementation library Libssh2 is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to gain access to...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1)
The version of AOS installed on the remote host is prior to 5.19.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...
Slackware: Security Advisory (SSA:2019-077-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-17498 affecting package libssh2 for versions less than 1.9.0-1
CVE-2019-17498 affecting package libssh2 for versions less than 1.9.0-1. A patched version of the package is available...
USN-5308-1 libssh2 vulnerabilities
It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. CVE-2019-3855 It was discovered that libssh2 incorrectly handled prompt...
USN-5308-1: libssh2 vulnerabilities
It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. CVE-2019-3855 It was discovered that libssh2 incorrectly handled prompt...
Mageia: Security Advisory (MGASA-2019-0343)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0107)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0139)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2848-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2848-1 : libssh2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2848 advisory. Two issues have been discovered in libssh2, a client-side C library implementing the SSH2 protocol: CVE-2019-13115:...
[SECURITY] [DLA 2848-1] libssh2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2848-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky December 17, 2021 https://wiki.debian.org/LTS -...
DLA-2848-1 libssh2 - security update
Bulletin has no description...
F5 Networks BIG-IP : libssh2 vulnerabilities (K90011301)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K90011301 advisory. CVE-2019-3856An integer overflow flaw, which could lead to an out of bounds write, was discovered in libss...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libssh2 Vulnerability (NS-SA-2021-0173)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libssh2 packages installed that are affected by a vulnerability: - In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an...
Security Bulletin: Vulnerabilities in libssh2 affect Power Hardware Management Console (CVE-2016-0787)
Summary libssh2 is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the...
Security Bulletin: Vulnerability in libssh2 affects Power Hardware Management Console (CVE-2019-3862)
Summary libssh2 is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-3862 DESCRIPTION: An out of bounds read flaw was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload a...
Security Bulletin: Vulnerability in libssh2 CVE-2019-17498.
Summary libssh2 is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-17498 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a malicious SSH server that sends a...
Advisory ROSA-SA-2021-1893
Software: libssh2 1.8.0 OS: Cobalt 7.9 CVE-ID: CVE-2019-13115 CVE-Crit: HIGH CVE-DESC: In libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that can cause out-of-range reads when reading packets from the server. A remote attacker...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Vulnerability (NS-SA-2021-0026)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by a vulnerability: - In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an...