35 matches found
ROS-20250825-03
The vulnerability in the server of the OpenSSH cryptographic security tool is related to a modification of the server to support the authentication option. Exploitation of the vulnerability could allow a remote attacker to execute a MITM attack...
Linux Distros Unpatched Vulnerability : CVE-2024-43887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key ...
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2313)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...
SUSE CVE-2024-43887
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period. The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. On the socket destruction tcp_ao_info ceases to be with RCU grace period, while tcp-ao static branch is...
DEBIAN-CVE-2024-43887
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period. The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. On the socket destruction tcp_ao_info ceases to be with RCU grace period, while tcp-ao static branch is...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2246)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...
SUSE SLES15 / openSUSE 15 Security Update : iperf (SUSE-SU-2024:1981-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1981-1 advisory. - Update to version 3.17.1 - CVE-2024-26306: Fixed a vulnerability that could lead to a Marvin attack if the authentication option is used...
PT-2024-20074 · Darkhttpd · Darkhttpd
Name of the Vulnerable Software and Affected Versions: darkhttpd versions 1.15 and earlier. Description: The issue allows local users to discover credentials by listing processes and their arguments. This is related to the --auth option. Recommendations: For darkhttpd versions 1.15 and earlier,...
PT-2023-28831 · Unknown · Knx Devices
Name of the Vulnerable Software and Affected Versions: KNX devices (affected versions not specified). Description: The issue affects KNX devices that use KNX Connection Authorization and support Option 1. Depending on the implementation, these devices are vulnerable to being locked, and users may be...
A vulnerability in the TCP-AO protocol implementation in Juniper Networks’ Junos operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the TCP-AO protocol implementation in Juniper Networks’ Junos operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected...
K04665443: OpenSSH vulnerability CVE-2021-36368
Security Advisory Description: DISPUTED. An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cann...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-2097)
The remote host is missing an update for the Huawei EulerOS...
Guzzle Information Disclosure Vulnerability
Guzzle is a PHP HTTP client from the individual developer guzzlehttp that makes it easy to send HTTP requests and integrates easily with web services. Guzzle has an information disclosure vulnerability that stems from a problem with the CURLOPT_HTTPAUTH option. An attacker can exploit the...
CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...
CVE-2017-17300
Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain...