32 matches found
libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CentOS 8 : libssh (CESA-2024:3233)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3233 advisory. - A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue...
EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2024-1628)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
EulerOS Virtualization 2.11.1 : libssh (EulerOS-SA-2024-1609)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
RHEL 7 : libssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh: NULL pointer dereference in sftpserver.c if sshbuffernew returns NULL CVE-2020-16135 - libssh:...
Oracle Linux 9 : libssh (ELSA-2024-2504)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2504 advisory. 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 Tenable has extracted the preceding...
libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
RHEL 9 : libssh (RHSA-2024:2504)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2504 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...
CentOS 9 : libssh-0.10.4-12.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-12.el9 build changelog. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2024-1469)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2024-1238)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1338)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2024-1216)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1316)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
EulerOS 2.0 SP9 : libssh (EulerOS-SA-2024-1197)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
Ubuntu 16.04 ESM / 18.04 ESM : libssh vulnerabilities (USN-6592-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-2 advisory. USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable...
OESA-2024-1123 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-1 advisory. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possib...
OESA-2024-1040 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...