838 matches found

Tenable Nessus
added 2020/05/26 12:0 a.m. · 26 views

EulerOS 2.0 SP8 : python-paramiko (EulerOS-SA-2020-1588)

According to the version of the python-paramiko packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that ca...

CVSS 8.8 · AI score 7.9 · EPSS 0.00905
Exploits 0 · References 2
OpenVAS
added 2020/05/14 12:0 a.m. · 5 views

Huawei Data Communication: SSH Server Version

The SSH version 1.0 is considered insecure and thus should not be used. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

AI score 7.4
Exploits 0
OpenVAS
added 2020/05/14 12:0 a.m. · 7 views

Huawei Data Communication: Read ssh server status

Get the current SSH server configuration of the VRP device. Note: This script only stores information for other Policy Controls. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score 7
Exploits 0
Tenable Nessus
added 2020/04/21 12:0 a.m. · 41 views

libssh2 < 1.8.1 Integer Overflow Vulnerability.

An integer overflow condition exists in libssh2 before 1.8.1 due to the way packets are read from the server. An authenticated, local attacker can exploit this if they have already compromised an SSH server. The attacker may be able to execute code on the system of users who connect to the SSH...

CVSS 9.3 · AI score 7.8 · EPSS 0.16241
Exploits 0 · References 2
RedhatCVE
added 2020/04/08 9:2 p.m. · 35 views

CVE-2018-7750

It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko...

CVSS 9.8 · AI score 3 · EPSS 0.17687
Exploits 9 · References 1
RedhatCVE
added 2020/04/08 8:59 p.m. · 19 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...

CVSS 9.8 · AI score 5.6 · EPSS 0.00905
Exploits 0 · References 2
RedhatCVE
added 2020/04/05 5:2 p.m. · 42 views

CVE-2019-3855

An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 9.3 · AI score 4.3 · EPSS 0.16241
Exploits 0 · References 3
0day.today
added 2020/03/17 12:0 a.m. · 332 views

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities

Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution The HTML version on "Multiple vulnerabilities found in Zyxe...

AI score 0.9
Exploits 0
Packet Storm
added 2020/03/15 12:0 a.m. · 151 views

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution

Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...

AI score 0.1
Exploits 0
ATTACKERKB
added 2020/03/13 12:0 a.m. · 58 views

CVE-2018-10933

Description: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could...

CVSS 9.1 · AI score 0.6 · EPSS 0.74906
Exploits 10 · References 1
OSV
added 2020/03/09 4:15 p.m. · 14 views

CVE-2020-2147

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · AI score 6.7
Exploits 0 · References 2
NVD
added 2020/03/09 4:15 p.m. · 18 views

CVE-2020-2148

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · AI score 4.5 · EPSS 0.00031
Exploits 0 · References 2
OSV
added 2020/03/09 4:15 p.m. · 11 views

CVE-2020-2148

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · AI score 6.6
Exploits 0 · References 2
NVD
added 2020/03/09 4:15 p.m. · 23 views

CVE-2020-2147

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · AI score 4.5 · EPSS 0.00427
Exploits 0 · References 2
Prion
added 2020/03/09 4:15 p.m. · 15 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3 · AI score 4.5 · EPSS 0.00427
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/03/09 4:15 p.m. · 14 views

Design/Logic Flaw

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4 · AI score 4.4 · EPSS 0.00031
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/03/09 3:1 p.m. · 18 views

CVE-2020-2148

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

AI score 4.5 · EPSS 0.00031
Exploits 0 · References 2
CVE
added 2020/03/09 3:1 p.m. · 73 views

CVE-2020-2148

CVE-2020-2148 affects Jenkins Mac Plugin (versions 1.1.0 and earlier). The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified SSH server using attacker-specified credentials. The connected documents confirm the vulnerability detail...

CVSS 4.3 · AI score 4.4 · EPSS 0.00031
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/03/09 3:1 p.m. · 23 views

CVE-2020-2147

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

AI score 4.5 · EPSS 0.00427
Exploits 0 · References 2
Positive Technologies
added 2020/03/09 12:0 a.m. · 3 views

PT-2020-15358 · Jenkins · Jenkins Mabl Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mac Plugin versions 1.1.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Recommendations: For Jenkins Mac Plugin versio...

CVSS 4.3 · AI score 4.4 · EPSS 0.00427
Exploits 0 · References 8