RHEL 6 : libssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh: authorization bypass in pkiverifydatasignature CVE-2023-2283 - A flaw was found in the libssh...

RHEL 7 : libssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh: NULL pointer dereference in sftpserver.c if sshbuffernew returns NULL CVE-2020-16135 - libssh:...

Oracle Linux 9 : libssh (ELSA-2024-2504)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2504 advisory. 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 Tenable has extracted the preceding...

libssh security update

0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245...

libssh: Missing checks for return values for digests

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

Low: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

ALSA-2024:2504 Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

RHEL 9 : libssh (RHSA-2024:2504)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2504 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

Fedora 40 : python-asyncssh (2023-a3af7820e8)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. Automatic update for python-asyncssh-2.14.2-1.fc40. Changelog Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1 - Update to latest upstream version fixes fedora22550...

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...

CentOS 9 : libssh-0.10.4-12.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-12.el9 build changelog. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1547)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1528)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

[SECURITY] [DSA 5655-2] cockpit regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-5655-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 16, 2024 https://www.debian.org/security/faq -...

Security Bulletin: Vulnerabilities in libssh library (CVE-2023-1667, CVE-2023-2283 ) affect Power HMC

Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: libssh is vulnerable to a denial of service, caused by a NULL pointer dereference during rekeying with algorithm guessing. A...