2248 matches found
Fedora: Security Advisory for openssh (FEDORA-2023-1176c8b10c)
The remote host is missing an update for the...
Schneider Electric StruxureWare Data Center Expert operating system command injection vulnerability
Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An operating system command injection...
The vulnerability of the libcurl library, related to bypassing the authentication process, allows a perpetrator to reuse an inappropriate connection.
The vulnerability of the libcurl library relates to bypassing the authentication process. Exploiting this vulnerability allows a malicious actor to easily manipulate two SSH parameters, which may lead to the reuse of an inappropriate connection. As a result, an already established SSH connection...
CVE-2023-22948
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...
ROS-20230407-21
A vulnerability in the libcurl library is related to an authentication bypass, in which libcurl reuses a previously established SSH connection, even though the SSH parameter has been changed, which should have prevented reuse. Exploitation of the vulnerability could allow an attacker acting...
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
...
OESA-2023-1195 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...
OESA-2023-1196 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However,...
DEBIAN-CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
ALPINE-CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
CVE-2023-24838
HGiga PowerStation has an information leakage vulnerability. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to log in to PowerStation or Secure Shell to achieve remote code execution...
PT-2023-15772 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.10.3 Description: The issue allows for stored XSS on the SSH keys page. Recommendations: For versions prior to 2022.10.3, update to version 2022.10.3 or later to resolve the issue...
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
...
Tailscale security vulnerability
Tailscale is an open source WireGuard-based application from Tailscale. It can provide a secure private network for a team of any size. A security vulnerability exists in Tailscale versions prior to 1.38.2 that stems from allowing commands to be run using a privilege group ID higher than the privilege...
SSH connection too eager reuse still
libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were...
libcurl authorization issue vulnerability
libcurl is a tool for transferring data from or to a server. An authorization issue vulnerability exists in libcurl version v8.0.0, which stems from the ability to reuse a previously established SSH connection and an authentication bypass vulnerability...
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
CVE-2023-0345
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
PT-2023-8987 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 affected versions not specified Description: The issue is related to the Akuvox E11 secure shell SSH server, which is enabled by default and accessible by the root user with a password that cannot be changed by the user. This conce...