377 matches found
CVE-2020-26301 Command injection in mscdex/ssh2
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted...
CVE-2020-26301
CVE-2020-26301 affects the ssh2 Node.js package (mscdex/ssh2). The vulnerability is a command injection in ssh2 prior to version 1.4.0, occurring on Windows when a vulnerable method is invoked with untrusted input. If exploited, this could lead to remote code execution. The issue is addressed in ...
Object injection via local phar file
This is a security release. SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLs using schemes such as ssh2 Ensure method signature consisten...
libssh2 security update
CentOS Errata and Security Advisory CESA-2020:3915 An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : libssh2 (RHSA-2020:3915)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3915 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: integer overflow in SSH_MSG_DISCONNECT logic in...
Moderate: Red Hat Security Advisory: libssh2 security update
An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
AbsoluteTelnet 11.21 - (Username) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21 Vulnerability Type: Denial of...
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Discovered Date: 2020-05-21 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21...
Debian: Security Advisory (DLA-2184-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2184-1] jsch security update
Package : jsch Version : 0.1.51-1+deb8u1 CVE ID : CVE-2016-5725 It was discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. For Debian 8 "Jessie", this problem has been fixed in version 0.1.51-1+deb8u1. We recommend that you upgrade yo...
AbsoluteTelnet 11.12 Denial Of Service
Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...
AbsoluteTelnet 11.12 - (SSH2/username) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Type: Denial of Service DoS...
Fedora Update for libssh2 FEDORA-2019-91529f19e4
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: libssh2-1.9.0-3.fc31
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
libssh2 security update
CentOS Errata and Security Advisory CESA-2019:2136 An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : libssh2 (RHSA-2019:2136)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2136 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. The following packages have been upgraded to a later upstream...
Oracle Linux 7 : libssh2 (ELSA-2019-1884)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1884 advisory. 1.4.3-12.0.1.el76.3 - Bump and rebuild. 1.4.3-12.el76.3 - fix out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 Tenab...
Moderate: Red Hat Security Advisory: libssh2 security, bug fix, and enhancement update
An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Fedora Update for libssh2 FEDORA-2019-5885663621
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...