Download
| Alert*
|
oval:org.secpod.oval:def:39718
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:43676 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:38610 The host is installed with OpenSSH before 7.4 and is prone to an information disclosure vulnerability. A flaw is present in sshd, which fails to properly consider the effects of realloc on buffer contents. Successful exploitation could allow local users to obtain sensitive private-key information. oval:org.secpod.oval:def:39655 The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly consider the effects of realloc on buffer contents. Successful exploitation could allow local users to obtain sensitive p ... oval:org.secpod.oval:def:111858 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:703960 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:52197 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:89044728 This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service by sending many duplicate KEXINIT requests . - CVE-2016-10012: The shared memory manager did not ensure tha ... oval:org.secpod.oval:def:502089 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:1600784 A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. It was found that OpenSSH did not limit password lengths f ... oval:org.secpod.oval:def:204642 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:1800880 CVE-2016-10009: loading of untrusted PKCS#11 modules in ssh-agent. Ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the syste ... oval:org.secpod.oval:def:89044574 This update for openssh fixes the following issues: Security issues fixed: - CVE-2016-8858: prevent resource depletion during key exchange - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation - CVE-2016-10011: Prevent possible leaks of host private keys to l ... oval:org.secpod.oval:def:2100951 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. oval:org.secpod.oval:def:51978 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:39947 The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client oval:org.secpod.oval:def:1501987 The advisory is missing the security advisory description. For more information please visit the reference link |
