OpenSSH 5.3



  1. Linux OpenSSH Server
  2. OpenSSH 5.3p1 Debian 3ubuntu7
  3. OpenSSH For Windows
  4. Git Config SSH Key

OpenSSH 5.3+ w/ RedHat/CentOS patch (old)

File: /etc/ssh/sshd_config

    # Allow keyboard-interactive.
    # IMPORTANT: you will have to ensure OpenSSH cannot authenticate with passwords with PAM in /etc/pam.d/sshd
    # 'PasswordAuthentication no' is not sufficient!
    RequiredAuthentications2 publickey,keyboard-interactive:skey
    PasswordAuthentication no

Search Results

There are 152,652 matching records.

Vuln ID | Summary | CVSS Severity
CVE-2021-30502

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.

Published: April 24, 2021; 11:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31712

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.

Published: April 24, 2021; 5:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31794

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.

Published: April 24, 2021; 4:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31795

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.

Published: April 24, 2021; 2:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31598

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

Published: April 24, 2021; 1:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.

Published: April 23, 2021; 6:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31584

Sipwise C5 NGCP CSC through CE_m39.3.1 allows call/click2dial CSRF attacks for actions with administrative privileges.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31583

Sipwise C5 NGCP CSC through CE_m39.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-29158

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-25899

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-25898

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-7036

An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-7035

An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-7034

A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x.

Published: April 23, 2021; 5:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2020-17542

Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the 'Task Detail' comment window of the '/dotAdmin/#/c/workflow' component.

Published: April 23, 2021; 5:15:07 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-31780

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

Published: April 23, 2021; 4:15:08 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-29470

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

Published: April 23, 2021; 3:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-20089

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.

Published: April 23, 2021; 3:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-20086

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

Published: April 23, 2021; 3:15:10 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-20085

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.

Published: April 23, 2021; 3:15:10 PM -0400
V3.x: (not available)
V2.0: (not available)