Lucene search
K

41 matches found

Tenable Nessus
Tenable Nessus
added 2019/07/03 12:0 a.m.26 views

Scientific Linux Security Update : libssh2 on SL6.x i386/x86_64 (20190702)

Security Fixes : - libssh2: Integer overflow in transport read resulting in out of bounds write CVE-2019-3855 - libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write CVE-2019-3856 - libssh2: Integer overflow in SSH packet processing channel resulting in out o...

9.3CVSS7AI score0.09219EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2019/03/28 12:0 a.m.66 views

libssh2 security update

1.4.3-12.el76.2 - sanitize public header file detected by rpmdiff 1.4.3-12.el76.1 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix integer overflow in SSH packet processing channel resulting in out of bounds write CVE-2019-3857 - fix...

9.3CVSS2.4AI score0.09219EPSS
Exploits0
OSV
OSV
added 2019/03/20 9:31 a.m.7 views

SUSE-SU-2019:0655-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets bsc1128490. - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet bsc1128492. -...

9.3CVSS8.9AI score0.09219EPSS
Exploits0References20
Veracode
Veracode
added 2019/03/19 3:21 a.m.25 views

Out Of Bounds Read

libssh2.so is vulnerable to denial of service. A malicious server is able to crash the process by sending malicious SSH packet with a padding length value greater than the packet length, which would result in an out-of-bounds read when the packet is decompressed...

9.1CVSS8.6AI score0.05118EPSS
Exploits0References12Affected Software2
OSV
OSV
added 2016/04/13 5:59 p.m.9 views

CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

7.5CVSS7.2AI score0.0391EPSS
Exploits0References7
NVD
NVD
added 2016/04/13 5:59 p.m.21 views

CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

7.5CVSS7.3AI score0.0391EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2016/04/13 5:0 p.m.47 views

CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

7.5CVSS6.1AI score0.0391EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/02/24 12:0 a.m.8 views

The vulnerability of the OpenSSH cryptographic protection mechanism, which allows a hacker to trigger a service failure.

The vulnerability of the sshpacketreadpoll2 function in the packet.c file of the OpenSSH cryptographic protection mechanism is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure such as reading beyond the memory lim...

5CVSS7AI score0.14341EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2016/01/19 5:59 a.m.2 views

ALPINE-CVE-2016-1907

The sshpacketreadpoll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted network traffic...

5.3CVSS6.8AI score0.14341EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/04 12:0 a.m.6 views

libssh 'ssh_packet_kexdh_init()' denial of service vulnerability

libssh is a C library that implements the SSH2 protocol. In versions of libssh before 0.6.5, an error in the "sshpacketkexdhinit" function src/server.c when processing SSHMSGNEWKEYS and SSHMSGKEXDHREPLY packets can be exploited to cause a denial of service...

7.5CVSS6.8AI score0.0391EPSS
Exploits0References1
OSV
OSV
added 2014/12/29 12:59 a.m.1 views

DEBIAN-CVE-2014-8132

Double free vulnerability in the sshpacketkexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...

5CVSS6.8AI score0.05145EPSS
Exploits0References1
OSV
OSV
added 2014/12/28 12:0 a.m.4 views

UBUNTU-CVE-2014-8132

Double free vulnerability in the sshpacketkexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...

5CVSS6.8AI score0.05145EPSS
Exploits0References5
Prion
Prion
added 2014/09/10 10:55 a.m.15 views

Code injection

The SSH module in the Integrated Management Controller IMC before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service IMC hang via a crafted SSH packet, aka Bug ID CSCuo69206...

5CVSS7AI score0.02584EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2009/02/26 4:17 p.m.17 views

Code injection

Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.3 and Cisco ACE 4710 Application Control Engine Appliance before A32.1 allows remote attackers to cause a denial of service device reload via a crafted SSH packet...

7.8CVSS7.1AI score0.01265EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2009/02/26 4:0 p.m.50 views

CVE-2009-0623

The CVE-2009-0623 entry applies to Cisco ACE Application Control Engine Module for Catalyst 6500/7600 and Cisco ACE 4710 Appliance. Affected vulnerabilities include Crafted SSH Packet which can cause the device to reload (DoS) when SSH access is configured. The Cisco advisory lists affected compo...

7.8CVSS6.6AI score0.01265EPSS
Exploits1References2Affected Software2
securityvulns
securityvulns
added 2009/02/26 12:0 a.m.62 views

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Document ID: 109450 Advisory ID: cisco-sa-20090225-ace...

10CVSS1.5AI score0.01839EPSS
Exploits1
securityvulns
securityvulns
added 2008/02/20 12:0 a.m.52 views

Two heap overflow in Foxit WAC Server 2.0 Build 3503

Luigi Auriemma Application: Foxit Remote Access Server WAC Server http://www.foxitsoft.com/wac/serverintro.php Versions: = 2.0 Build 3503 Platforms: Windows Bugs: A telnet option heap overflow B SSH packet heap overflow Exploitation: remote Date: 16 Feb 2008 Author: Luigi Auriemma e-mail:...

1.1AI score
Exploits0
NVD
NVD
added 2006/09/27 1:7 a.m.19 views

CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service CPU consumption via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector...

7.8CVSS7.7AI score0.34666EPSS
Exploits1References79
CERT
CERT
added 2003/06/23 12:0 a.m.34 views

Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet

Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...

5CVSS6.6AI score0.02131EPSS
Exploits0References2
NVD
NVD
added 2003/05/27 4:0 a.m.17 views

CVE-2003-0259

Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service reload via a malformed SSH initialization packet...

5CVSS6.6AI score0.02131EPSS
Exploits0References3
Rows per page
Query Builder