838 matches found
CVE-2019-16552
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
Code injection
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2019-16552
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...
Cisco IOS XE Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the access control logic of the Secure Shell SSH server due to a missing check in the SSH server. An authenticated, remote attacker can exploit this, by providing valid credentials to access a device i...
Cisco IOS Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf)
According to its self-reported version, Cisco IOS Software is affected by a vulnerability in the access control logic of the Secure Shell SSH server due to a missing check in the SSH server. An authenticated, remote attacker can exploit this, by providing valid credentials to access a device in...
EulerOS 2.0 SP2 : libssh2 (EulerOS-SA-2019-2473)
According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to...
Updated libssh2 packages fix security vulnerability
The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be...
Code injection
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay th...
CVE-2019-18241
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay th...
Debian DLA-1991-1 : libssh2 security update
In libssh2, SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on th...
Protect
Multiple integer overflow and out of bounds read/write vulnerabilities in the SSL VPN web-mode SSH client may allow an unauthenticated attacker to cause the SSL VPN user session to break Denial of service and possibly to run arbitrary code via specially crafted packets sent from a malicious SSH...
[SECURITY] [DLA 1991-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server m...
CVE-2019-3857
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...
The vulnerability of the _libssh2_packet_require and _libssh2_packet_requirev functions in the libssh2 library allows a attacker to cause a service failure or gain unauthorized access to protected information.
The vulnerability of the libssh2packetrequire and libssh2packetrequirev functions in the libssh2 library involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or gain unauthorized access to protected...
The vulnerability of the libssh2 library, related to integer overflows, allows an attacker to execute arbitrary code.
The vulnerability of the libssh2 library is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by connecting to an SSH server...
CVE-2019-10472
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10472
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...