EUVD-2024-26924

Malicious code in bioql PyPI...

CVE-2024-29950

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...

CVE-2024-29950

CVE-2024-29950 affects Brocade SANnav prior to 2.3.1 and 2.3.0a. The FileTransfer class uses the ssh-rsa signature scheme with SHA-1, enabling a remote, unauthenticated attacker to potentially perform a man-in-the-middle attack. Public disclosures from NVD, Red Hat, and Broadcom/Brocade advisorie...

The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...

MGASA-2016-0128 Updated proftpd packages fix security vulnerability

A bug with security implications was found in the modtls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. The software would ignore the user-defined parameters and use Diffie Hellman key exchanges with 1024...

Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)

Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile CVE-2016-3125 Various other bug fixes are also included. Note that Tenabl...

Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)

Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile CVE-2016-3125. Various other bug fixes are also included. Note that Tenab...

Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)

Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile CVE-2016-3125. Various other bug fixes are also included. Note that Tenab...

Debian generated SSH-Keys working exploit

Hi Securityfocus, the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It...

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

the debian openssl issue leads that there are only 65.536 possible ssh keys generated, cause the only entropy is the pid of the process generating the key. This leads to that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a key...