CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43565 – golang.org/x/crypto: empty plaintext packet causes panic
https://notcve.org/view.php?id=CVE-2021-43565
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. El paquete x/crypto/ssh versiones anteriores a 0.0.0-20211202192323-5770296d904e, de golang.org/x/crypto permite a un atacante entrar en pánico en un servidor SSH. There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service. • https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs https://access.redhat.com/security/cve/CVE-2021-43565 https://bugzilla.redhat.com/show_bug.cgi?id=2030787 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29652 – golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
https://notcve.org/view.php?id=CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. Una desreferencia de puntero null en el componente golang.org/x/crypto/ssh versiones hasta v0.0.0-20201203163018-be400aefbc4c para Go, permite a atacantes remotos causar una denegación de servicio contra servidores SSH A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability. • https://go-review.googlesource.com/c/crypto/+/278852 https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://access.redhat.com/security/cve/CVE-2020-29652 https://bugzilla.redhat.com/show_bug.cgi?id=1908883 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000245
https://notcve.org/view.php?id=CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. El plugin SSH almacena credenciales, lo que permite que las tareas accedan a servidores remotos mediante el protocolo SSH. Las contraseñas de usuarios así como las frases utilizadas como contraseñas para claves SSH cifradas se almacenan en texto plano en un archivos de configuración. • https://jenkins.io/security/advisory/2017-07-10 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2011-0766
https://notcve.org/view.php?id=CVE-2011-0766
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. El generador de números aleatorios de la aplicación Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librería Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles basadas en la fecha actual, lo que facilita a atacantes remotos adivinar el host DSA y las claves de sesión SSH. • http://secunia.com/advisories/44709 http://www.kb.cert.org/vuls/id/178990 http://www.securityfocus.com/bid/47980 https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5 • CWE-310: Cryptographic Issues •
CVSS: 7.2EPSS: 0%CPEs: 52EXPL: 2CVE-2002-1715 – SSH2 3.0 - Restricted Shell Escape (Command Execution)
https://notcve.org/view.php?id=CVE-2002-1715
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. • https://www.exploit-db.com/exploits/21398 http://online.securityfocus.com/archive/1/268446 http://www.securityfocus.com/bid/4547 https://exchange.xforce.ibmcloud.com/vulnerabilities/8908 •