114 matches found
openssh bug fix update
An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
CVE-2022-26340
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacke...
F5 Networks BIG-IP : BIG-IP and BIG-IQ SCP vulnerability (K38271531)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K38271531 advisory. An authenticated, high-privileged attacker with no bash accessmay be able to access...
CVE-2021-34718
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718
Cisco IOS XR Software contains an Arbitrary File Read/Write vulnerability in the SSH Server, exploitable by an authenticated, remote attacker via crafted SCP parameters during login. The issue stems from insufficient input validation of user-supplied arguments for the SCP file-transfer method, en...
CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.
The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...
CommScope Ruckus IoT Controller 安全漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
...
DEBIAN-CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...
PT-2020-18804 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.6.1 through 11.6.5.2 BIG-IP versions 12.1.0 through 12.1.5.2 BIG-IP versions 13.1.0 through 13.1.3.3 Description: The issue arises from the BIG-IP system's failure to properly enforce access controls for the scp.blacklist...
The vulnerability of the File Store Service, a component of the Service Fabric application, allows a perpetrator to escalate their privileges.
The vulnerability of the File Store Service of the Service Fabric application is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to enhance their privileges by modifying the configuration file and connecting to SMB or SCP ports...
PT-2019-3616 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Copy SCP feature could allow an authenticated, remote attacker to cause a denial of service DoS condition. The issue is...
ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)
ipswitch WSFTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WSFTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WSFTP usernames and filenames via the SCP protocol...
ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24247)
ipswitch WSFTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WSFTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain pathnames on the host operating system via the SCP...
PT-2019-12655 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: Progress ipswitch WS FTP Server versions prior to 8.6.1 Description: A Directory Traversal issue was discovered in SSHServerAPI.dll. An attacker can supply a string using special patterns via the SCP protocol to disclose WS FTP usernames as...
Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature
Cisco Nexus devices support an automatic provisioning or zero-touch deployment feature called PowerOn Auto Provisioning POAP. This feature assists in automating the initial deployment and configuration of Nexus switches. POAP is enabled by default and activates on devices that have no startup...