12 matches found
kernel: stack overflow problem in Open vSwitch kernel module leading to DoS
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...
CVE-2024-1151
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...
Directory traversal
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned only directory traversa...
CVE-2019-25017
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned only directory traversa...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : openssh (ALAS-2019-1313)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...
Amazon Linux 2 : openssh (ALAS-2019-1216)
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented. A...
EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1355)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or...
Debian DLA-1728-1 : openssh security update
Multiple scp client vulnerabilities have been discovered in OpenSSH, the premier connectivity tool for secure remote shell login and secure file transfer. CVE-2018-20685 In scp.c, the scp client allowed remote SSH servers to bypass intended access restrictions via the filename of . or an empty...
Directory traversal
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
setfacl / getfacl symbolic links vulnerability
Symbolic links are followed on recursive operation...