PT-2021-4048 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...

CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

Neo4j 3.4.18 Remote Code Execution

Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...

Neo4j 3.4.18 - RMI based Remote Code Execution Exploit

Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on: Windows, Mac In old...

The vulnerability of the libssh2 library, related to errors in handling parameter length mismatches, allows attackers to trigger service failures or gain unauthorized access to protected information.

The vulnerability of the libssh2 library is related to errors in handling mismatches in parameter length. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or gain unauthorized access to protected information by connecting to an SSH server...

The vulnerability of the libssh2 library, related to integer overflows, allows an attacker to execute arbitrary code.

The vulnerability of the libssh2 library is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by connecting to an SSH server...

The vulnerability of the Core Shell COM Server component in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Core Shell COM Server component in Windows operating systems is related to errors in handling COM calls. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

Design/Logic Flaw

A vulnerability in certain access control mechanisms for the Secure Shell SSH server implementation for Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

UBUNTU-CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

ALPINE-CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

ALPINE-CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVE-2018-0484

A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...

python-paramiko: Authentication bypass in auth_handler.py

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity...

python-paramiko: Authentication bypass in transport.py

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...

python-paramiko: Authentication bypass in transport.py

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...

python-paramiko: Authentication bypass in transport.py

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...

openssh: Improper write operations in readonly mode allow for zero-length file creation

The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

python-paramiko: Authentication bypass in transport.py

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...

UBUNTU-CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...

ALPINE-CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...