260 matches found
CVE-2022-21716 Buffer Overflow in Twisted
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack...
CVE-2022-21716
CVE-2022-21716 affects Twisted (Python, event-driven networking framework). The issue arises in Twisted SSH client/server where, prior to 22.2.0, the peer SSH version identifier can be fed an unlimited amount of data, causing a memory-exhaustion vulnerability (buffer growth). The example of explo...
Mageia: Security Advisory (MGASA-2015-0137)
The remote host is missing an update for the...
Exploit for OS Command Injection in Saltstack Salt
CVE-2020-16846-Saltstack-Salt-API Vulnerability Explained: An...
NetSarang Xshell has an unspecified vulnerability
NetSarang Xshell is an ssh client from NetSarang. NetSarang Xshell 7.0.0.76 previously contained a security vulnerability that could be exploited by an attacker to cause a crash by triggering a quick change in the title bar...
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH. Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: CTM-ONE 1.3.6-latest, CTM-ONE 1.3.1, CTM-ONE 1.1.9, CTM200 2.7.1.5659-latest, CTM200 2.0.5.3356-184. Summar...
CVE-2020-9283
A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server...
CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from shell to exec and providing the SSH client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...
OS Command Injection
Salt is vulnerable to OS command injection. The SSH client in the Salt API allows an attacker to inject and execute arbitrary OS commands via ProxyCommand or ssh_options...
SUSE SLES15 Security Update : salt (SUSE-SU-2021:0631-1)
This update for salt fixes the following issues: Fix regression on cmd.run when passing tuples as cmd (bsc#1182740). Allow extra_filerefs as sanitized kwargs for SSH client. Fix errors with virt.update. Fix for multiple security issues: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2021:0630-1)
This update for salt fixes the following issues: Fix regression on cmd.run when passing tuples as cmd (bsc#1182740). Allow extra_filerefs as sanitized kwargs for SSH client. Fix errors with virt.update. Fix for multiple security issues: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148...
SUSE SLES15 Security Update : salt (SUSE-SU-2021:0628-1)
This update for salt fixes the following issues: Fix regression on cmd.run when passing tuples as cmd (bsc#1182740). Allow extra_filerefs as sanitized kwargs for SSH client. Fix errors with virt.update. Fix for multiple security issues: CVE-2020-28243, CVE-2020-28972, CVE-2020-35662, CVE-2021-3148...
SaltStack Salt shell injection vulnerability
SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...
PYSEC-2021-57
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...