SaltStack < 3002 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - eauth is not sufficiently validated when calling Salt SSH via the salt-api. Any value for 'eauth' or 'token' will allow a user to bypass authentication a...
Fedora: Security Advisory for putty (FEDORA-2020-f4dba093f1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: putty-0.74-1.fc31
PuTTY is an SSH, Telnet & Rlogin client - this time for Linux...
FreeBSD : PuTTY -- Release 0.74 fixes two security vulnerabilities (6190c0cd-b945-11ea-9401-2dcf562daa69)
Simon Tatham reports : Release 0.74 fixes the following security issues : - New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. There is a theoretical information leak in this policy. CVE-2020-14002 - In some...
About the security content of watchOS 6.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
DEBIAN-CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
CVE-2020-3917
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...
Code injection
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...
CVE-2020-3917
CVE-2020-3917 affects Apple platforms (iOS 13.4/iPadOS 13.4, tvOS 13.4, watchOS 6.2). A local application could use an SSH client via private frameworks due to an entitlement issue; Apple addressed this with a new entitlement and patched versions. Public references indicate the vulnerability is f...
About the security content of watchOS 6.2
About the security content of watchOS 6.2 This document describes the security content of watchOS 6.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of tvOS 13.4
About the security content of tvOS 13.4 This document describes the security content of tvOS 13.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
TEA - Ssh-Client Worm
An ssh-client worm made with the tas framework. How does it work? This is a fake ssh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: display the "Last login" message on login. dd and stty...
Signature Verification With Malformed Public Keys
github.com/golang/crypto is vulnerable to signature verification with malformed public keys. The vulnerability exists because it does not handle malformed ed25519 public keys properly, allowing a malicious SSH client to provide malicious ssh-ed25519 or sk-ssh-ed25519@openssh.com public keys to...
CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
Command injection
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
PYSEC-2020-177
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...