
50 matches found

Chainguard
added yesterday, 2 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, argocd-image-updater, fscrypt, frankenphp-8.4, knative-serving, opentofu, tekton-pipelines, flux-source-controller-fips, zarf-fips, nerdctl, docker-machine-driver-harvester, trivy, calico-fips, terraform, knative-kafka-broker-fips, trivy-operator...

AI score 5.8
Exploits: 0

OSV
added 2026/06/12 3:4 p.m., 6 views

GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

CVSS 8.5, AI score 5.6, EPSS 0.00038
Exploits: 0, References: 2

GitHub Security Blog
added 2026/06/12 3:4 p.m., 8 views

Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

AI score 5.6, EPSS 0.00038
Exploits: 0, References: 2, Affected Software: 1

Circl
added 2026/05/20 11:29 p.m., 7 views

CVE-2026-48113

creationtimestamp| type| source ---|---|--- 2026-05-20 23:29:51+00:00| published-proof-of-concept| https://github.com/jpillora/chisel/security/advisories/GHSA-24fp-5v3p-rvpw...

AI score 5.8, EPSS 0.00038
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-2473

Malicious code in bioql PyPI...

CVSS 8.6, AI score 7.4, EPSS 0.0045
Exploits: 0, References: 5

OpenVAS
added 2025/05/26 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2024-37a2b3fac5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0, References: 6

OpenVAS
added 2025/05/26 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2024-6b9aeecbe8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0, References: 6

Tenable Nessus
added 2024/11/14 12:0 a.m., 7 views

Fedora 41 : chisel (2024-6b9aeecbe8)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6b9aeecbe8 advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 8.6, AI score 7.5, EPSS 0.0045
Exploits: 0, References: 2

The Hacker News
added 2024/11/08 7:15 a.m., 34 views

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut L...

AI score 7.5
Exploits: 0

Fedora
added 2024/09/26 2:31 a.m., 8 views

[SECURITY] Fedora 39 Update: chisel-1.10.0-1.fc39

A fast TCP tunnel over HTTP...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0

Fedora
added 2024/09/26 12:19 a.m., 11 views

[SECURITY] Fedora 41 Update: chisel-1.10.0-1.fc41

A fast TCP tunnel over HTTP...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0

OpenVAS
added 2024/09/26 12:0 a.m., 7 views

Fedora: Security Advisory (FEDORA-2024-5aad2fda6a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0, References: 6

Tenable Nessus
added 2024/09/26 12:0 a.m., 10 views

Fedora 40 : chisel (2024-5aad2fda6a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5aad2fda6a advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 8.6, AI score 7.5, EPSS 0.0045
Exploits: 0, References: 2

OpenVAS
added 2024/09/26 12:0 a.m., 8 views

Fedora: Security Advisory (FEDORA-2024-9b005962f9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6, AI score 8.7, EPSS 0.0045
Exploits: 0, References: 6

Tenable Nessus
added 2024/09/26 12:0 a.m., 7 views

Fedora 39 : chisel (2024-9b005962f9)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9b005962f9 advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 8.6, AI score 7.5, EPSS 0.0045
Exploits: 0, References: 2

The Hacker News
added 2024/09/21 2:39 p.m., 42 views

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 57

OpenVAS
added 2024/09/10 12:0 a.m., 9 views

Fedora: Security Advisory (FEDORA-2023-b29031a7aa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3, AI score 7.7, EPSS 0.05623
Exploits: 4, References: 8

OSV
added 2024/08/30 5:18 p.m., 11 views

GO-2024-3100 Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel

Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel...

CVSS 8.6, AI score 8.4, EPSS 0.0045
Exploits: 0, References: 4

GitHub Security Blog
added 2024/08/27 6:40 p.m., 16 views

Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

CVSS 8.6, AI score 8.4, EPSS 0.0045
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/08/27 6:40 p.m., 12 views

GHSA-38JH-8H67-M7MJ Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

CVSS 8.6, AI score 8.2, EPSS 0.0045
Exploits: 0, References: 5