EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2023-2542)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated...
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2023-2561)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated...
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:3011-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3011-1 advisory. - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383). - CVE-2023-3446: Fixed DH_check() excessive time with ov...
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims...
PT-2023-26345 · Trustwave +1 · Modsecurity +1
Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.9 Description: The issue is related to Inefficient Algorithmic Complexity. Recommendations: For Trustwave ModSecurity versions 3.0.0 through 3.0.9, update to version 3.0.10 or later to resolve...
Amazon Linux AMI : bind (ALAS-2023-1789)
The version of bind installed on the remote host is prior to 9.8.2-0.68.rc1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1789 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished...
SUSE-SU-2023:2954-1 Security update for bind
This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544)...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-240)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-240 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order,...
Oracle Linux 7 : bind (ELSA-2023-4152)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4152 advisory. - Prevent the cache going over the configured limit (CVE-2023-2828) - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of...
Oracle Linux 8 : bind (ELSA-2023-4102)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4102 advisory. 32:9.11.36-8.1 - Improve RBT overmem cache cleaning (CVE-2023-2828). Tenable has extracted the preceding description block directly from the Oracle Linux security...
Amazon Linux 2 : bind (ALAS-2023-2112)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2112 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by...
Improper Authentication
openssl is vulnerable to Improper Authentication. The vulnerability allows applications that use the 'AES-SIV' algorithm and want to authenticate empty data entries to be misled by removing, adding or reordering empty entries, causing the issue...
CVE-2023-28021 BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
The BigFix WebUI uses weak cipher suites...
CVE-2023-37464
A vulnerability was found in cjose. cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must ...
AlmaLinux 8 : bind9.16 (ALSA-2023:4100)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4100 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to...
AlmaLinux 8 : bind (ALSA-2023:4102)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4102 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to...
AlmaLinux 9 : bind (ALSA-2023:4099)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4099 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2023-2358)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...