
838 matches found

Tenable Nessus
added 2019/08/12 12:00 a.m. | 35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0073)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote...

CVSS 9.3 | AI score 7.4 | EPSS 0.16241
Exploits 0 | References 5
RedHat Linux
added 2019/08/07 11:40 a.m. | 3 views

libssh2: Integer overflow in transport read resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 9.3 | AI score 7.6 | EPSS 0.16241
Exploits 0 | References 5
Amazon
added 2019/08/07 12:00 a.m. | 40 views

Medium: libssh2

Issue Overview: An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3858 An out of bounds read fla...

CVSS 9.1 | AI score 7.9 | EPSS 0.02187
Exploits 0
RedhatCVE
added 2019/07/19 6:21 a.m. | 47 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

CVSS 9.3 | AI score 4.6 | EPSS 0.424
Exploits 1 | References 4
NVD
added 2019/07/16 6:15 p.m. | 18 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

CVSS 8.1 | AI score 8.2 | EPSS 0.424
Exploits 1 | References 15
OSV
added 2019/07/16 6:15 p.m. | 38 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

CVSS 8.1 | AI score 6.8
Exploits 0 | References 15
OSV
added 2019/07/16 6:15 p.m. | 1 view

ALPINE-CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

CVSS 8.1 | AI score 7 | EPSS 0.424
Exploits 1 | References 1
RedHat Linux
added 2019/07/16 1:50 p.m. | 3 views

libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVSS 8.8 | AI score 7.6 | EPSS 0.04601
Exploits 0 | References 5
Cvelist
added 2019/07/16 12:00 a.m. | 27 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

AI score 8.4 | EPSS 0.424
Exploits 1 | References 15
Debian CVE
added 2019/07/16 12:00 a.m. | 48 views

CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or caus...

CVSS 8.1 | AI score 7.8 | EPSS 0.424
Exploits 1
CVE
added 2019/07/16 12:00 a.m. | 377 views

CVE-2019-13115

CVE-2019-13115 affects libssh2 prior to 1.9.0, where kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c can overflow an integer, leading to an out-of-bounds read when processing server packets. The vulnerability could allow a remote attacker controlling a SSH server to disclose...

CVSS 8.1 | AI score 8.5 | EPSS 0.424
Exploits 1 | References 15 | Affected Software 1
Tenable Nessus
added 2019/06/25 12:00 a.m. | 35 views

openSUSE Security Update : openssh (openSUSE-2019-1602)

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. -...

CVSS 6.8 | AI score 7.1 | EPSS 0.53643
Exploits 9 | References 8
OPENSUSE Linux
added 2019/06/24 12:00 a.m. | 214 views

Security update for openssh (moderate)

openSUSE Security Update: Security update for openssh Announcement ID: openSUSE-SU-2019:1602-1 Rating: moderate References: 1065237 1090671 1119183 1121816 1121821 1131709 Cross-References: CVE-2019-6109 CVE-2019-6111 Affected Products: openSUSE Leap 42.3 An update that solves two vulnerabilities...

CVSS 6.8 | AI score 7 | EPSS 0.53643
Exploits 9 | References 6
OSV
added 2019/06/17 3:30 p.m. | 15 views

SUSE-SU-2019:1524-1 Security update for openssh

This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers bsc1121816. -...

CVSS 6.8 | AI score 6.7 | EPSS 0.53643
Exploits 9 | References 9
CNVD
added 2019/06/12 12:00 a.m. | 2 views

ipswitch WS_FTP Server Directory Traversal Vulnerability

ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. An attacker can use this vulnerability to write files and create directories outside of their authorized...

CVSS 9.1 | AI score 6.9 | EPSS 0.00014
Exploits 0 | References 1
CNVD
added 2019/06/12 12:00 a.m. | 1 view

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24247)

ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain pathnames on the host operating system via the SCP...

CVSS 7.5 | AI score 6.8 | EPSS 0.00012
Exploits 0 | References 1
CNVD
added 2019/06/12 12:00 a.m. | 3 views

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)

ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WS_FTP usernames and filenames via the SCP protocol...

CVSS 5.3 | AI score 6.8 | EPSS 0.00013
Exploits 0 | References 1
OSV
added 2019/06/11 9:29 p.m. | 1 view

CVE-2019-12144

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...

CVSS 9.8 | AI score 7.8 | EPSS 0.00253
Exploits 0 | References 1
Tenable Nessus
added 2019/05/14 12:00 a.m. | 36 views

EulerOS Virtualization for ARM 64 3.0.1.0 : libssh2 (EulerOS-SA-2019-1393)

According to the versions of the libssh2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and...

CVSS 9.3 | AI score 7.5 | EPSS 0.16241
Exploits 0 | References 6
Tenable Nessus
added 2019/05/10 12:00 a.m. | 32 views

EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1360)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote...

CVSS 9.1 | AI score 7.3 | EPSS 0.06559
Exploits 0 | References 6