A vulnerability was found in the server-side state machine of libssh versions before 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Vulnerable Product |
---|
libssh libssh |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 18.10 |
canonical ubuntu linux 14.04 |
debian debian linux 9.0 |
debian debian linux 8.0 |
redhat enterprise linux 7.0 |
netapp oncommand unified manager |
netapp oncommand workflow automation - |
netapp snapcenter - |
netapp storage automation store - |
oracle mysql workbench |
Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead
Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then
Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”. We hope your support contracts are up-to-date to receive these fixes. The full list is here, and with so much to choose from, The Register will work through the top-rated bugs. Oracle Communications Applications (OCA) is home to nine of the vulnerabilities in various components: Oracle E-Business' Perf...
And you'll definitely want to check out the libssh flaw
Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, would require th...