Ubuntu 16.04 ESM / 18.04 ESM : OpenSSH vulnerabilities (USN-6560-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-2 advisory. USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

Fedora 39 : putty (2024-d946b9ad25)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d946b9ad25 advisory. Security fix for CVE-2023-48795. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

FreeBSD : putty -- add protocol extension against 'Terrapin attack' (91955195-9ebb-11ee-bc14-a703705db3a6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91955195-9ebb-11ee-bc14-a703705db3a6 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current proftpd Vulnerability (SSA:2023-354-01)

The version of proftpd installed on the remote host is prior to 1.3.8b. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-354-01 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-1 advisory. Fabian Bumer, Marcus Brinkmann, Jrg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If...

Amazon Linux 2 : openssh (ALAS-2023-2376)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2376 advisory. AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

Design/Logic Flaw

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVE-2023-48123

CVE-2023-48123 : An issue in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. The NVD and OSV entries describe it as a remote, unauthenticated code execution with network acce...

Netgate pfSense CE Security Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0, which stems from an arbitrary code execution vulnerability in the file packetcapture.php...

CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfacesgifedit.php and interfacesgreedit.php components...

Design/Logic Flaw

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfacesgifedit.php and interfacesgreedit.php components...

CVE-2023-42327

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page...

CVE-2023-42325

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the statuslogsfilterdynamic.php page...

CVE-2023-42327

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page...

Cross site scripting

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the statuslogsfilterdynamic.php page...

Cross site scripting

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page...

CVE-2023-42325

CVE-2023-42325 describes a Cross Site Scripting (XSS) flaw in Netgate pfSense v2.7.0 that can allow an authenticated admin to gain privileges via a crafted URL to status_logs_filter_dynamic.php. Public sources confirm affected versions include pfSense CE 2.7.0 and below, with patches released: pf...