22 matches found
Missing Write Protection for Parametric Data Values
Overview: Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
MiracleLinux 8 : libssh-0.9.4-3.el8 (AXSA:2021-2641:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2641:02 advisory. libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (CVE-2020-16135). Tenable has extracted the preceding description block directly...
EUVD-2020-24078
Malware in sbrugna...
EUVD-2024-47650
Malicious code in bioql PyPI...
CVE-2020-36617
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
CVE-2024-6580
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...
CVE-2024-6580
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...
CVE-2024-6580 /n software IPWorks SSH insufficient file access verification
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...
CVE-2024-6580 /n software IPWorks SSH insufficient file access verification
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...
CVE-2024-6580
CVE-2024-6580 concerns the IPWorks SSH library SFTPServer component. The issue arises when loading an SSH public key or certificate, where the component can be induced to make unintended filesystem or network path requests. Exploitation requires an application calling the SFTPServer to grant user...
PT-2024-37734 · /N · Ipworks Ssh
Name of the Vulnerable Software and Affected Versions: /n software IPWorks SSH versions prior to 22.0.8945; /n software IPWorks SSH versions prior to 24.0.8945. Description: The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path request...
CVE-2020-36617
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
CVE-2020-36617
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
Design/Logic Flaw
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
CVE-2020-36617
CVE-2020-36617 affects ewxrjk sftpserver; the issue is in the function sftp_parse_path of parse.c, where input leads to an uninitialized pointer. Patch bf4032f34832ee11d79aa60a226cc018e7ec5eed is identified as the fix. Several connected sources (Red Hat, NVD, CVE lists, vuln enrichment) describe...
PT-2022-9013 · Unknown · Ewxrjk Sftpserver
Name of the Vulnerable Software and Affected Versions: ewxrjk sftpserver (affected versions not specified). Description: A vulnerability was found in the ewxrjk sftpserver, affecting the function sftp_parse_path of the file parse.c. The manipulation leads to an uninitialized pointer. The real...
CVE-2020-36617 ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
CVE-2020-36617 ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...
libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
A flaw was found in libssh. A NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL...
Low: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...