838 matches found
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10472
CVE-2019-10472 involves the Jenkins Libvirt Slaves Plugin, where a missing permission check allows attackers with Overall/Read to initiate SSH connections to an attacker-controlled server using attacker-controlled credentials IDs, potentially capturing credentials stored in Jenkins. The connected ...
CVE-2019-10472
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2019-11865 · Jenkins · Jenkins Libvirt Slaves Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Libvirt Slaves Plugin, affected versions not specified. Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs, potentially capturing...
PT-2019-11866 · Jenkins · Jenkins Libvirt Slaves Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Libvirt Slaves Plugin, affected versions not specified. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...
CVE-2019-17498
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a...
Security Bulletin: Open Source Python-paramiko vulnerability affects IBM Netezza Host Management.
Summary: Open Source Python-paramiko is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1000805. DESCRIPTION: Paramiko could allow a remote attacker to execute arbitrary code on the system, caused by an incorre...
Medium: libssh2
Issue Overview: An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a denial of service or read data in the client memory...
NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)
The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...
Amazon Linux AMI : libssh2 (ALAS-2019-1254)
An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3855 An integer...
NewStart CGSL MAIN 4.05 : python-paramiko Vulnerability (NS-SA-2019-0147)
The remote NewStart CGSL host, running version MAIN 4.05, has python-paramiko packages installed that are affected by a vulnerability: - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This...
Fedora 30 : libssh2 (2019-9d85600fc7)
A vulnerability was discovered in libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execut...
NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)
The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker wh...
Important: libssh2
Issue Overview: An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-38...
NewStart CGSL MAIN 4.05 : python-paramiko Vulnerability (NS-SA-2019-0138)
The remote NewStart CGSL host, running version MAIN 4.05, has python-paramiko packages installed that are affected by a vulnerability: - It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customiz...
Fedora 29 : libssh2 (2019-5885663621)
A vulnerability was discovered in libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execut...