Download
| Alert*
|
oval:org.secpod.oval:def:1076
The host is installed with OpenSSH and is prone to information disclosure vulnerability. A flaw is present in key_certify function which fails to properly generate legacy certificates using the -t command-line option in ssh-keygen and does not initialize the nonce field. Successful exploitation coul ... oval:org.secpod.oval:def:30042 The host is installed with OpenSSH 6.6 and earlier and is prone to a security bypass vulnerability. A flaw is present in key_certify function which, fails to properly handle an unacceptable HostCertificate. Successful exploitation allows remote servers to trigger the skipping of SSHFP DNS RR checkin ... oval:org.secpod.oval:def:557 The host is installed with OpenSSH and is prone to denial of service vulnerability. A flaw is present in sftp-glob.c and sftp.c, which fail to validate the pathnames passed to its functions. Successful exploitation could allow remote attackers to cause a denial of service. oval:org.mitre.oval:def:11511 OpenSSH (32 bit) is installed oval:org.secpod.oval:def:40349 The host is installed with OpenSSH before 7.2 and is prone to an access control vulnerability. A flaw is present in the application, which fails to properly generate cookie. Successful exploitation could allow remote attackers to to trigger a fallback and obtain trusted X11 forwarding privileges. oval:org.secpod.oval:def:39004 The host is installed with OpenSSH before 7.3 and is prone to an unspecified vulnerability. A flaw is present in sshd, which does not properly handle SHA256 or SHA512 are used for user password hashing. Successful exploitation could allow remote attackers to enumerate users by leveraging the timing ... oval:org.secpod.oval:def:30262 The host is installed with OpenSSH 6.8 or 6.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle device writing. Successful exploitation allows local users to cause a denial of service (terminal disruption) or possibly have unspeci ... oval:org.secpod.oval:def:30263 The host is installed with OpenSSH before 7.0 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows local users to gain privileges. oval:org.secpod.oval:def:30041 The host is installed with OpenSSH and is prone to a security bypass vulnerability. A flaw is present in x11_open_helper function which, lacks a check of the refusal deadline for X connections. Successful exploitation could allow an attacker to bypass intended access restrictions. oval:org.secpod.oval:def:58987 The host is installed with OpenSSH 7.7 through 7.9 and 8.x before 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the crafted XMSS key. Successful exploitation could allow a malicious server to corrupt memory. oval:org.secpod.oval:def:47277 The host is installed with OpenSSH through 7.8 and is prone to a user enumeration vulnerability. A flaw is present in the application, which fails to properly handle an issue in auth-gss2.c. Successful exploitation could allow remote attackers to identify existing users on a target machine. oval:org.secpod.oval:def:25 The host is installed with OpenSSH version 5.6 or lower and is prone to security bypass vulnerability. A flaw is present in J-PAKE protocol which fails to validate the knowledge of shared secret. Successful exploitation could allow an attacker to authenticate without proper credentials by sending ma ... oval:org.secpod.oval:def:33651 The host is installed with OpenSSH before 7.2p2 and is prone to multiple CRLF injection vulnerabilities. The flaws are present in session.c in sshd, which fails to handle crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Successful exploitation coul ... oval:org.secpod.oval:def:32660 The host is installed with OpenSSH before 7.1p2 and is prone to denial of service vulnerability. A flaw is present in ssh_packet_read_poll2 function in packet.c in the client, which fails to validate the pathnames passed to its functions. Successful exploitation could allow remote attackers to cause ... oval:org.secpod.oval:def:34243 The host is installed with OpenSSH through 7.2p2 and is prone to a privilege escalation vulnerability. A flaw is present in session.c in sshd, which fails to handle an LD_PRELOAD environment variable. Successful exploitation could allow local users to gain privileges by triggering a crafted environm ... oval:org.secpod.oval:def:30040 The host is installed with OpenSSH and is prone to a brute force attack vulnerability. A flaw is present in kbdint_next_device function which, fails to properly restrict the processing of keyboard-interactive devices within a single connection. Successful exploitation could allow an attacker to cond ... oval:org.secpod.oval:def:50193 The host is installed with OpenSSH through 7.9p1 or putty through 0.70 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious server to manipulate the cl ... oval:org.secpod.oval:def:47259 The host is installed with OpenSSH through 7.7 and is prone to an user enumeration vulnerability. A flaw is present in the application, which fails to properly handle an invalid authenticating user. Successful exploitation could allow remote attackers to identify existing users on a target machine. oval:org.secpod.oval:def:36709 The host is installed with OpenSSH before 7.3 and is prone to denial of service vulnerability. A flaw is present in auth_password function in auth-passwd.c in sshd, which does not limit password lengths for password authentication. Successful exploitation could allow remote attackers to cause a deni ... oval:org.secpod.oval:def:45296 The host is installed with OpenSSH before 7.6 and is prone to an improper write operations vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow remote attackers to create zero-length files. oval:org.secpod.oval:def:50194 The host is installed with OpenSSH through 7.9p1 or putty through 0.70 is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious server to manipulate the client ... oval:org.secpod.oval:def:50195 The host is installed with OpenSSH through 7.9p1 or WinSCP through 5.13 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious scp server to write arbitr ... oval:org.secpod.oval:def:50178 The host is installed with OpenSSH 7.9p1 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in scp.c in the scp client. Successful exploitation could allow remote attackers to bypass intended access restrictions via the file ... oval:org.secpod.oval:def:32661 The host is installed with OpenSSH before 7.1p2 and is prone to information disclosure vulnerability. A flaw is present in roaming_read and roaming_write functions in roaming_common.c, which when certain proxy and forward options are enabled, do not properly maintain connection file descriptors. Suc ... oval:org.secpod.oval:def:32659 The host is installed with OpenSSH before 7.1p2 and is prone to denial of service vulnerability. A flaw is present in resend_bytes function in roaming_common.c in the client, which fails to validate the pathnames passed to its functions. Successful exploitation could allow remote servers to obtain s ... oval:org.secpod.oval:def:30264 The host is installed with OpenSSH before 7.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows local users to gain privileges. oval:org.secpod.oval:def:33742 The host is installed with OpenSSH before 6.6 and is prone to a security bypass vulnerability. A flaw is present in sshd, which fails to properly support wildcards on AcceptEnv lines in sshd_config. Successful exploitation allows remote attackers to bypass intended environment restrictions. oval:org.secpod.oval:def:96108 The host is installed with OpenSSH through 9.6 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly handle the mm_answer_authpassword. Successful exploitation could allow row hammer attacks. oval:org.secpod.oval:def:38610 The host is installed with OpenSSH before 7.4 and is prone to an information disclosure vulnerability. A flaw is present in sshd, which fails to properly consider the effects of realloc on buffer contents. Successful exploitation could allow local users to obtain sensitive private-key information. oval:org.secpod.oval:def:38611 The host is installed with OpenSSH before 7.4 and is prone to a privilege escalation vulnerability. A flaw is present in sshd, which creates forwarded Unix-domain sockets as root. Successful exploitation could allow local users to gain privileges via unspecified vectors, related to serverloop.c. oval:org.secpod.oval:def:38612 The host is installed with OpenSSH before 7.4 and is prone to an untrusted search path vulnerability. A flaw is present in sshd, which fails to handle crafted data. Successful exploitation could allow remote attackers to execute arbitrary local PKCS#11 modules. oval:org.secpod.oval:def:38609 The host is installed with OpenSSH before 7.4 and is prone to a privilege escalation vulnerability. A flaw is present in sshd, which fails to ensure that a bounds check is enforced by all compilers. Successful exploitation could allow local users to gain privileges by leveraging access to a sandboxe ... |
