Nutanix AOS and Prism suffer from an SFTP authentication bypass vulnerability.
db1b7758485522391a2551e8ed44a35d72e4628257e92047f3b4e13e8d79ab80
Paramiko version 2.4.1 suffers from an authentication bypass vulnerability.
8fdbbce25bd59a254eeb170eef568cb4827b7c0fac06fec6764692bcc9747b33
Red Hat Security Advisory 2018-1972-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include bypass and code execution vulnerabilities.
b140dd006daf760c636deaa14803fc48a9e08b6f5c14a57c32fa7e771317d912
Red Hat Security Advisory 2018-1525-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Issues addressed include bypass and code execution vulnerabilities.
e6a5fd51eb4bbc1336b92b87cd4b3f9f18abfe888ced6b32d3df237fff97585f
Red Hat Security Advisory 2018-1328-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include backup related, bypass, and code execution vulnerabilities.
b19e64c598c25f53ece8314ad1b6b240a0eb87dc98819f4541ad1d70d222c4f8
Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.
5a162a410e015621060082f9069e1f4b6660aa3afa2edab19ed988184231de74
Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
1df1649f7680fb00e771e7c01cd1480e5c94068d2c416d51b43ef7b2c6a5ba1c
Red Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
373d3c840e3e13c9100fe89bf988b5d9d961b6c51e3797706f20e7260afd8e97
Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
69e4f2ec093114c78bb5114762cef0781c483b82c5319db0d33397f47ef33923
Red Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
ca67dfa87fab4d316b9bf2de2719cd1dc8de2e11e472e46f9c80fb87fc28cc76
Red Hat Security Advisory 2018-0591-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
9466c7fad42a7b2db119a2fd8ed5038da83e1f2e069300c3ca745f69d0391801
Ubuntu Security Notice 3603-2 - USN-3603-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
0dba1780104df54d79e6059d50386a9e081391f92e1021c92e3023fc6cc33aba
Ubuntu Security Notice 3603-1 - Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code.
65cdafbb08b17ca0dab20595320dbe4f87f97a8389c628e2f58e580a9c755f6f