47 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to Unchecked Return Value in the RHEL UBI (CVE-2023-6918)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-6918 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for...
TencentOS Server 3: libssh (TSSA-2024:0219)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0219 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.297 Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto...
Alibaba Cloud Linux 3 : 0119: libssh (ALINUX3-SA-2024:0119)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0119 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-6004: A flaw was found in libssh...
RLSA-2024:2504 Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...
RockyLinux 9 : libssh (RLSA-2024:2504)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2504 advisory. libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for...
CBL Mariner 2.0 Security Update: libssh (CVE-2023-6918)
The version of libssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6918 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by...
Azure Linux 3.0 Security Update: libssh (CVE-2023-6918)
The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6918 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by...
CVE-2023-6918 affecting package libssh for versions less than 0.10.6-1
CVE-2023-6918 affecting package libssh for versions less than 0.10.6-1. An upgraded version of the package is available that resolves this issue...
Fedora 41 : libssh2 (2025-9cee4b3ac0)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9cee4b3ac0 advisory. This update, to the current upstream libssh2 release, addresses a couple of security issues: CVE-2023-6918 missing checks for return values for...
Advisory ROSA-SA-2025-2674
software: libssh 0.9.8 OS: ROSA-CHROME packageevrstring: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...
Security Bulletin: Vulnerabilities in libssh (CVE-2023-6004, CVE-2023-6918) affect Power HMC.
Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.19 LTS, 12.0.1 LTS and 12.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
Photon OS 5.0: Libssh PHSA-2024-5.0-0187
An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0187. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RLSA-2024:3233 Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...
libssh security update
0.9.6-14 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol BPP - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...
ALSA-2024:3233 Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...
Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...
RHEL 6 : libssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh: authorization bypass in pkiverifydatasignature CVE-2023-2283 - A flaw was found in the libssh...
Oracle Linux 9 : libssh (ELSA-2024-2504)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2504 advisory. 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 Tenable has extracted the preceding...