Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

Gentoo FoundationGLSA-202312-16

HistoryDec 28, 2023 - 12:00 a.m.

libssh: Multiple Vulnerabilities

Vulners
Gentoo
libssh: Multiple Vulnerabilities

2023-12-2800:00:00

Gentoo Foundation

security.gentoo.org

libssh

sshv2

protocol

vulnerabilities

cve

upgrade

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Background

libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.

Description

Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All libssh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.10.6"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/libssh< 0.10.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-libs/libssh	< 0.10.6	UNKNOWN

nessus 61

openvas 60

fedora 7

slackware 1

mageia 4

osv 14

debian 3

cgr 1

cve 1

veracode 1

hackerone 1

prion 1

redhatcve 1

debiancve 1

wolfi 1

alpinelinux 2

ubuntucve 2

cvelist 1

nvd 1

cbl_mariner 8

ubuntu 5

atlassian 1

oraclelinux 4

redhat 6

redos 1

freebsd 1

cloudfoundry 1

ibm 4

photon 1

amazon 1

github 1

almalinux 1

nessus

GLSA-202312-16 : libssh: Multiple Vulnerabilities

2023-12-27 00:00:00

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1338)

2024-03-12 00:00:00

Slackware Linux 14.2 / 15.0 / current libssh Multiple Vulnerabilities (SSA:2023-353-01)

2023-12-19 00:00:00

openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1528)

2024-04-22 00:00:00

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)

2024-05-15 00:00:00

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1547)

2024-04-22 00:00:00

fedora

[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39

2023-12-22 02:44:21

[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38

2024-01-10 01:52:52

[SECURITY] Fedora 39 Update: putty-0.80-1.fc39

2024-01-11 01:17:14

slackware

[slackware-security] libssh

2023-12-19 21:31:02

mageia

Updated libssh packages fix security vulnerabilities

2023-12-29 20:16:34

Updated erlang packages fix a security vulnerability (Terrapin Attack)

2024-01-20 01:43:32

Updated putty package fixes a security vulnerability (Terrapin attack)

2024-01-08 13:12:44

osv

libssh - security update

2023-12-28 00:00:00

CVE-2023-6004

2024-01-03 17:15:11

phpseclib - security update

2024-01-12 00:00:00

debian

[SECURITY] [DSA 5591-1] libssh security update

2023-12-28 14:27:16

[SECURITY] [DSA 5600-1] php-phpseclib security update

2024-01-12 07:13:37

[SECURITY] [DLA 3718-1] php-phpseclib security update

2024-01-25 02:26:31

cgr

CVE-2023-6004 vulnerabilities

2024-05-19 03:07:16

cve

CVE-2023-6004

2024-01-03 17:15:11

veracode

Command Injection

2023-12-21 09:16:27

hackerone

Internet Bug Bounty: Command Injection using malicious hostname in expanded proxycommand

2023-12-20 22:05:47

prion

Command injection

2024-01-03 17:15:00

redhatcve

CVE-2023-6004

2023-12-18 22:58:47

debiancve

CVE-2023-6004

2024-01-03 17:15:11

wolfi

CVE-2023-6004 vulnerabilities

2024-06-16 09:08:15

alpinelinux

CVE-2023-6004

2024-01-03 17:15:11

CVE-2023-48795

2023-12-18 16:15:10

ubuntucve

CVE-2023-6004

2024-01-03 00:00:00

CVE-2023-48795

2023-12-18 00:00:00

cvelist

CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

2024-01-03 17:01:38

nvd

CVE-2023-6004

2024-01-03 17:15:11

cbl_mariner

CVE-2023-48795 affecting package kubevirt for versions less than null

2024-01-10 08:19:37

CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2

2024-01-19 03:54:24

CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1

2024-01-14 22:46:30

ubuntu

libssh2 vulnerability

2024-01-15 00:00:00

FileZilla vulnerability

2024-01-18 00:00:00

LXD vulnerability

2024-04-22 00:00:00

atlassian

CVE-2023-48795 vulnerability on SSH

2024-01-04 17:19:13

oraclelinux

buildah security update

2024-03-07 00:00:00

openssh security update

2024-03-18 00:00:00

openssh security update

2024-03-19 00:00:00

redhat

(RHSA-2024:0499) Moderate: libssh security update

2024-01-25 15:19:29

(RHSA-2024:1150) Moderate: buildah security update

2024-03-05 15:32:31

(RHSA-2024:1196) Moderate: Red Hat JBoss Enterprise Application Platform 7.4 security update

2024-03-06 17:50:02

redos

ROS-20240408-15

2024-04-08 00:00:00

freebsd

jenkins -- Terrapin SSH vulnerability in Jenkins CLI client

2024-04-17 00:00:00

cloudfoundry

USN-6561-1: libssh vulnerability | Cloud Foundry

2024-04-04 00:00:00

ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

2024-05-30 07:47:08

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a machine-in-the-middle attack due to Apache MINA SSHD (CVE-2023-48795)

2024-04-04 17:46:46

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795

2024-03-22 16:29:44

photon

Important Photon OS Security Update - PHSA-2024-3.0-0712

2024-01-12 00:00:00

amazon

Medium: openssh

2023-12-18 09:20:00

github

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

2023-12-18 19:22:09

almalinux

Moderate: libssh security update

2024-01-31 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Related for GLSA-202312-16