405 matches found
K14756743: OpenSSH vulnerability CVE-2021-28041
Security Advisory Description: ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. CVE-2021-28041. Impact: There is...
K31440025: OpenSSH vulnerability CVE-2016-10009
Security Advisory Description: Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. CVE-2016-10009. Impact: Running the ssh-agent program requires a...
SUSE CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...
Vulnerabilities fixed in MobaXterm
Vulnerabilities have been fixed in Mobatek MobaXterm. The vulnerability allows a malicious party to bypass authentication and connect unauthenticated via the SSH or SFTP protocol. Furthermore, a malicious party can perform a denial-of-service (DoS) exploit on the SFTP protocol. The...
OESA-2022-2083 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...
Malicious Package
Overview chrome-ssh-agent is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in chrome-ssh-agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba428b9ebe2369390d5f53d0a930ddd41afab160b3f87a15471b2c4476d4c300 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-36633
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
Command injection
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
Teleport 9.3.6 Command Injection
Description: Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user i...
Fixed CVE-2016-10009 in openssh-5.3p1
CVE-2016-10009: add whitelist of paths which ssh-agent may load from, in order to prevent execution of arbitrary local pkcs11...
CLSA-2022-1656962023 Fixed CVE-2016-10009 in openssh-5.3p1
CVE-2016-10009: add whitelist of paths which ssh-agent may load from, in order to prevent execution of arbitrary local pkcs11...
GHSA-WWGX-94V6-FC2P Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. As of version 1.16, the plugin no longer logs the ssh-add invocation that...
openSUSE: Security Advisory for openssh (openSUSE-SU-2021:4153-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Mageia: Security Advisory (MGASA-2017-0093)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2021-0261)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Jenkins Permissions and Access Control Issues Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins SSH Agent Plugin 1.23 previously had a security vulnerability that stemmed from a lack of privilege checking, whi...
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
GHSA-9WXH-JJJ5-67CV Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...