GO-2024-2836 sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy

sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy...

sshproxy vulnerable to SSH option injection

Impact Any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. Patches The problem is patched starting on version 1.6.3 Workarounds The only workaround is to use the forcecommand option in...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1798)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously...

curl -- multiple vulnerabilities

Harry Sintonen reports: CVE-2023-27533 curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the documented functionality, curl...

SUSE CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

PT-2015-3444

Name of the Vulnerable Software and Affected Versions OpenSSH versions through 6.9 Description The issue is related to the kbdint next device function in the OpenSSH sshd service, which does not properly restrict the processing of keyboard-interactive devices within a single connection. This make...