Damien Miller

#7143de 53,638
38.2CVSS total
Vulnerabilidades · 5
Média
1
Alta
4
PT-2020-6184
7.1
2020-06-29
Openssh · Openssh · CVE-2020-14145
**Nome do software vulnerável e versões afetadas** Versões do OpenSSH de 5.7 a 8.4 **Descrição** O lado do cliente no OpenSSH apresenta uma discrepância observável que leva a um vazamento de informações na negociação do algoritmo. Isso permite que invasores do tipo “man-in-the-middle” ataquem tentativas de conexão iniciais nas quais nenhuma chave de host do servidor foi armazenada em cache pelo cliente. **Recomendações** Para as versões 5.7 a 8.4 do OpenSSH, atualize para uma versão posterior à 8.4 para resolver o problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.
PT-2016-5372
6.4
2016-03-16
Dropbear · Dropbear Ssh · CVE-2016-3116
**Name of the Vulnerable Software and Affected Versions** Dropbear SSH versions prior to 2016.72 **Description** The issue allows remote authenticated users to bypass intended shell-command restrictions. This is achieved by sending crafted X11 forwarding data, exploiting a CRLF injection vulnerability. **Recommendations** For versions prior to 2016.72, update to version 2016.72 or later to resolve the issue.
PT-2009-3901
7.5
2009-07-14
Mathtex · Mathtex · CVE-2009-1383
**Name of the Vulnerable Software and Affected Versions** mathTeX versions prior to 20090713 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `dpi` tag, specifically within the `getdirective` function in `mathtex.cgi`. **Recommendations** For versions prior to 20090713, update to a version released after 20090713 to resolve the issue.
PT-2009-4876
10
2009-07-14
Mathtex · Mathtex · CVE-2009-2460
**Name of the Vulnerable Software and Affected Versions** mathTeX versions prior to 20090713 **Description** The issue is related to multiple stack-based buffer overflows in the mathtex.cgi component of mathTeX. This has an unspecified impact and can be exploited through remote attack vectors. **Recommendations** For versions prior to 20090713, update to a version released after 20090713 to resolve the issue.
PT-2009-4877
7.2
2009-07-14
Mathtex · Mathtex · CVE-2009-2461
**Name of the Vulnerable Software and Affected Versions** mathTeX versions prior to 20090713 **Description** The issue is related to the insecure creation of temporary files by mathtex.cgi in mathTeX, which has an unspecified impact and can be exploited through local attack vectors. **Recommendations** For versions prior to 20090713, update to a version released after 20090713 to resolve the issue.