Download
| Alert*
oval:org.secpod.oval:def:58797
The host is missing a security update according to the Apple advisory APPLE-SA-2019-9-26-7 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle multiple issues. Successful exploitation allows attackers to execute arbitrary code with user ... oval:org.secpod.oval:def:89003407 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets . - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet . - CVE-2019-3860: Fixed Out-of- ... oval:org.secpod.oval:def:89003052 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets . - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet . - CVE-2019-3860: Fixed Out-of- ... oval:org.secpod.oval:def:54505 Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code. oval:org.secpod.oval:def:116149 libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS. oval:org.secpod.oval:def:1601039 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.An integer overflow flaw which ... oval:org.secpod.oval:def:116213 libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS. oval:org.secpod.oval:def:1801361 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:1801342 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:1801343 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:1801344 CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2 oval:org.secpod.oval:def:2105005 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. oval:org.secpod.oval:def:89000149 This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading ... oval:org.secpod.oval:def:58798 The host is installed with Xcode before 11.0 on Apple Mac OS X 10.14.4 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle multiple issues in libssh2. Successful exploitation allows an attacker to execute arbitrary ... oval:org.secpod.oval:def:59766 empty oval:org.secpod.oval:def:205182 The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ... oval:org.secpod.oval:def:603849 Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code. oval:org.secpod.oval:def:205229 The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ... oval:org.secpod.oval:def:502635 The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ... oval:org.secpod.oval:def:503173 The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ... oval:org.secpod.oval:def:1700160 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.An integer overflow flaw ... oval:org.secpod.oval:def:1502477 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502559 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502714 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:1502637 The advisory is missing the security advisory description. For more information please visit the reference link |