EUVD-2024-2473

Malicious code in bioql PyPI...

Fedora: Security Advisory (FEDORA-2024-37a2b3fac5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-6b9aeecbe8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 41 : chisel (2024-6b9aeecbe8)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6b9aeecbe8 advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRONTRAP , starts with a malicious Windows shortcut L...

[SECURITY] Fedora 39 Update: chisel-1.10.0-1.fc39

A fast TCP tunnel over HTTP...

[SECURITY] Fedora 41 Update: chisel-1.10.0-1.fc41

A fast TCP tunnel over HTTP...

Fedora 40 : chisel (2024-5aad2fda6a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5aad2fda6a advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 39 : chisel (2024-9b005962f9)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9b005962f9 advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora: Security Advisory (FEDORA-2024-5aad2fda6a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-9b005962f9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a...

Fedora: Security Advisory (FEDORA-2023-b29031a7aa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GO-2024-3100 Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel

Chisel's AUTH environment variable not respected in server entrypoint in github.com/jpillora/chisel...

GHSA-38JH-8H67-M7MJ Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

Chisel's AUTH environment variable not respected in server entrypoint

Summary The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. This advisory is a formalization of a report sent to the maintainer via email. Details In the help page for...

Unauthorized Access

github.com/jpillora/chisel is vulnerable to Unauthorized Access. The vulnerability is due to the Chisel server not reading the documented AUTH environment variable, which allows unauthenticated users to connect even when credentials are set...

CVE-2024-43798

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

CVE-2024-43798

CVE-2024-43798 affects Chisel, a fast TCP/UDP tunnel over HTTP secured via SSH. The vulnerability occurs because the server does not read the documented AUTH environment variable for credentials, allowing any unauthenticated user to connect even when credentials are set. This impacts deployments ...