Nutanix AOS and Prism suffer from an SFTP authentication bypass vulnerability.
db1b7758485522391a2551e8ed44a35d72e4628257e92047f3b4e13e8d79ab80Paramiko version 2.4.1 suffers from an authentication bypass vulnerability.
8fdbbce25bd59a254eeb170eef568cb4827b7c0fac06fec6764692bcc9747b33Red Hat Security Advisory 2018-1972-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include bypass and code execution vulnerabilities.
b140dd006daf760c636deaa14803fc48a9e08b6f5c14a57c32fa7e771317d912Red Hat Security Advisory 2018-1525-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Issues addressed include bypass and code execution vulnerabilities.
e6a5fd51eb4bbc1336b92b87cd4b3f9f18abfe888ced6b32d3df237fff97585fRed Hat Security Advisory 2018-1328-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include backup related, bypass, and code execution vulnerabilities.
b19e64c598c25f53ece8314ad1b6b240a0eb87dc98819f4541ad1d70d222c4f8Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.
5a162a410e015621060082f9069e1f4b6660aa3afa2edab19ed988184231de74Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
1df1649f7680fb00e771e7c01cd1480e5c94068d2c416d51b43ef7b2c6a5ba1cRed Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
373d3c840e3e13c9100fe89bf988b5d9d961b6c51e3797706f20e7260afd8e97Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
69e4f2ec093114c78bb5114762cef0781c483b82c5319db0d33397f47ef33923Red Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
ca67dfa87fab4d316b9bf2de2719cd1dc8de2e11e472e46f9c80fb87fc28cc76Red Hat Security Advisory 2018-0591-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
9466c7fad42a7b2db119a2fd8ed5038da83e1f2e069300c3ca745f69d0391801Ubuntu Security Notice 3603-2 - USN-3603-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
0dba1780104df54d79e6059d50386a9e081391f92e1021c92e3023fc6cc33abaUbuntu Security Notice 3603-1 - Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code.
65cdafbb08b17ca0dab20595320dbe4f87f97a8389c628e2f58e580a9c755f6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed