Download
| Alert*
oval:org.secpod.oval:def:61514
libssh: A tiny C SSH library libssh could be made to run programs under certain conditions. oval:org.secpod.oval:def:67975 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh . Security Fix: * libssh: denial of service when handling AES-CTR ciphers * libssh: unsanitized location ... oval:org.secpod.oval:def:89003413 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution . oval:org.secpod.oval:def:89003093 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution . oval:org.secpod.oval:def:504749 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh . Security Fix: * libssh: denial of service when handling AES-CTR ciphers * libssh: unsanitized location ... oval:org.secpod.oval:def:89050346 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location . oval:org.secpod.oval:def:89050529 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution . oval:org.secpod.oval:def:89050640 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution . oval:org.secpod.oval:def:1801653 When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of ssh_scp_new, it would become possible for an attacker to inject arbitrary comma ... oval:org.secpod.oval:def:1504155 [0.9.4-2] - Do not return error when server properly closed the channel - Add a test for CVE-2019-14889 - Do not parse configuration file in torture_knownhosts test [0.9.4-1] - Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ - Fixed CVE-2019 ... oval:org.secpod.oval:def:2500102 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. oval:org.secpod.oval:def:705311 libssh: A tiny C SSH library libssh could be made to run programs under certain conditions. oval:org.secpod.oval:def:89000176 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location . oval:org.secpod.oval:def:89000025 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location . oval:org.secpod.oval:def:89000347 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location . oval:org.secpod.oval:def:89051484 This update for libssh fixes the following issues: Update to version 0.9.8 : * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ... oval:org.secpod.oval:def:89051497 This update for libssh fixes the following issues: Update to version 0.9.8 : * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ... |