Lucene search
K
NetappOntap Select Deploy

8 matches found

CVE
CVE
added 2018/08/28 8:0 a.m.12872 views

CVE-2018-15919

CVE-2018-15919 affects OpenSSH up to version 7.8, where Remotely observable behaviour in auth-gss2.c could allow a remote attacker to enumerate existing usernames when GSS2 is used. The IBM/linked bulletin explicitly notes the discoverer’s statement that username enumeration is not treated as a v...

5.3CVSS5.3AI score0.03557EPSS
In wild
CVE
CVE
added 2019/01/10 12:0 a.m.5804 views

CVE-2018-20685

CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...

5.3CVSS6.3AI score0.03681EPSS
In wild
CVE
CVE
added 2018/08/17 12:0 a.m.5733 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

5.9CVSS5.8AI score0.98631EPSS
CVE
CVE
added 2019/01/31 12:0 a.m.5567 views

CVE-2019-6110

CVE-2019-6110 (OpenSSH SCP client) affects OpenSSH 7.9. The vulnerability arises from accepting and displaying arbitrary stderr output from the SCP server, allowing a malicious server or MITM to spoof SCP client output and potentially mask or override transferred files. Connected advisories confi...

6.8CVSS6.2AI score0.20906EPSS
In wild
CVE
CVE
added 2019/01/31 12:0 a.m.4872 views

CVE-2019-6109

OpenSSH 7.9 contains CVE-2019-6109: missing character encoding in the progress display allows a malicious server/MITM to spoof scp client output by crafting object names (refresh_progress_meter in progressmeter.c). The vulnerability can enable spoofing of file transfer output; related issues incl...

6.8CVSS6.7AI score0.03807EPSS
In wild
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2017/11/13 10:0 p.m.305 views

CVE-2016-8610

CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...

7.5CVSS7.4AI score0.39657EPSS
CVE
CVE
added 2023/05/03 2:34 p.m.84 views

CVE-2023-28656

CVE-2023-28656 – NGINX Management Suite : An authenticated attacker may bypass authorization to access configuration objects outside their assigned environment, a control-plane issue with no data-plane exposure reported. The vulnerability affects NGINX Management Suite components (NGINX Instance ...

8.1CVSS8.1AI score0.00528EPSS