OpenSSH up to and including 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
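The ordering problem described above, shown as an added example that is neither OpenSSH source code nor part of the original entry: a simplified C model of an authentication handler before and after the bailout is delayed, plus a regression check that a known and an unknown user receive the same outcome. The request format, the account names, the key blob and all function names are assumptions made for illustration.

```c
/* Simplified model of the ordering bug; not OpenSSH source code. */
#include <stddef.h>
#include <string.h>

enum outcome { AUTH_FAILURE, AUTH_SUCCESS, PARSE_ERROR };

struct request {
    const char *user;
    const unsigned char *body; /* constructed format: [1-byte length][key blob] */
    size_t body_len;
};
typedef enum outcome (*handler_fn)(const struct request *);

/* Constructed sample bodies: consistent length prefix vs. inconsistent one. */
static const unsigned char WELL_FORMED[] = { 2, 'X', 'Y' };
static const unsigned char MALFORMED[] = { 5, 'X' };

/* Hypothetical account lookup: "alice" is the only account. */
static int user_is_valid(const char *user) { return strcmp(user, "alice") == 0; }

/* Returns 0 when the length prefix matches the bytes that follow it. */
static int parse_body(const struct request *r) {
    return (r->body_len >= 1 && (size_t)r->body[0] == r->body_len - 1) ? 0 : -1;
}

/* Hypothetical key check: only the blob "K1" is authorized. */
static int key_authorized(const struct request *r) {
    return r->body_len == 3 && memcmp(r->body + 1, "K1", 2) == 0;
}

/* Before: bails out on an invalid user before the request is parsed. */
enum outcome handle_before(const struct request *r) {
    if (!user_is_valid(r->user)) return AUTH_FAILURE;
    if (parse_body(r) != 0) return PARSE_ERROR;
    return key_authorized(r) ? AUTH_SUCCESS : AUTH_FAILURE;
}

/* After: the request is fully parsed first; the bailout is delayed. */
enum outcome handle_after(const struct request *r) {
    int valid = user_is_valid(r->user);
    if (parse_body(r) != 0) return PARSE_ERROR;
    if (!valid) return AUTH_FAILURE;
    return key_authorized(r) ? AUTH_SUCCESS : AUTH_FAILURE;
}

/* Regression check: 1 if a known and an unknown user get the same outcome. */
int same_outcome(handler_fn h, const unsigned char *body, size_t n) {
    struct request known = { "alice", body, n }, unknown = { "mallory", body, n };
    return h(&known) == h(&unknown);
}
```

In this model the "before" handler's outcome for the inconsistent body depends on whether the account exists, while the "after" handler returns the same outcome for both accounts.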
Vulnerable Product |
---|
openbsd openssh |
debian debian linux 8.0 |
debian debian linux 9.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 18.04 |
netapp cn1610_firmware - |
netapp cloud backup - |
netapp data ontap edge - |
netapp ontap select deploy - |
netapp steelstore cloud integrated storage - |
netapp clustered data ontap - |
netapp service processor - |
netapp data ontap - |
netapp fas baseboard management controller - |
netapp aff baseboard management controller - |
netapp oncommand unified manager |
netapp virtual storage console |
netapp vasa_provider |
netapp storage_replication_adapter |
oracle sun zfs storage appliance kit 8.8.6 |
siemens scalance_x204rna_firmware |