795 matches found

Tenable Nessus
added 2023/12/20 12:0 a.m. | 38 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current proftpd Vulnerability (SSA:2023-354-01)

The version of proftpd installed on the remote host is prior to 1.3.8b. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-354-01 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

CVSS 5.9 | AI score 7.1 | EPSS 0.54214
Exploits 3 | References 2

Tenable Nessus
added 2023/12/19 12:0 a.m. | 154 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-1 advisory. Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If...

CVSS 9.8 | AI score 7 | EPSS 0.54214
Exploits 3 | References 3

OSV
added 2023/12/18 4:15 p.m. | 1 view

AZL-34944 CVE-2023-48795 affecting package libssh2 for versions less than 1.11.1-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 | AI score 6.7 | EPSS 0.54214
Exploits 3 | References 1

OSV
added 2023/12/18 4:15 p.m. | 1 view

AZL-32201 CVE-2023-48795 affecting package libssh2 for versions less than 1.9.0-4

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 | AI score 6.9 | EPSS 0.54214
Exploits 3 | References 1

Tenable Nessus
added 2023/12/18 12:0 a.m. | 117 views

Amazon Linux 2 : openssh (ALAS-2023-2376)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2376 advisory. AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A...

CVSS 5.9 | AI score 6.8 | EPSS 0.54214
Exploits 3 | References 4

Debian CVE
added 2023/12/18 12:0 a.m. | 128 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 | AI score 8.3 | EPSS 0.54214
Exploits 3

IBM Security Bulletins
added 2023/12/07 10:45 p.m. | 49 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in libssh2. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length a...

CVSS 9.3 | AI score 1 | EPSS 0.16241
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/11/16 6:47 p.m. | 68 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

CVSS 7.8 | AI score 8.4 | EPSS 0.0844
Exploits 2 | Affected Software 1

Rosalinux
added 2023/10/24 1:57 p.m. | 20 views

Advisory ROSA-SA-2023-2278

Software: libssh2 1.8.0 OS: rosa-server79 packageevrstring: libssh2-1.8.0-4.res7.1.x86_64.rpm CVE-ID: CVE-2020-22218 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An issue was discovered in the _libssh2_packet_add function in libssh2 1.10.0 that allows attackers to access external memory. CVE-STATUS: Fixed...

CVSS 7.5 | AI score 6.8 | EPSS 0.00078
Exploits 0

Tenable Nessus
added 2023/10/23 12:0 a.m. | 25 views

Ubuntu 16.04 ESM : libssh2 vulnerabilities (USN-5308-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5308-1 advisory. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote,...

CVSS 9.3 | AI score 8.2 | EPSS 0.424
Exploits 2 | References 12

RedHat Linux
added 2023/10/10 4:23 p.m. | 4 views

libssh2: use-of-uninitialized-value in _libssh2_transport_read

A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library...

CVSS 7.5 | AI score 6.6 | EPSS 0.00078
Exploits 0 | References 4

RedHat Linux
added 2023/10/10 4:23 p.m. | 56 views

Moderate: Red Hat Security Advisory: libssh2 security update

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 6.6 | EPSS 0.00078
Exploits 0 | References 2

Oracle linux
added 2023/10/10 12:0 a.m. | 169 views

libssh2 security update

1.8.0-4.el79.1 - fix use-of-uninitialized-value CVE-2020-22218...

CVSS 7.5 | AI score 6.9 | EPSS 0.00078
Exploits 0

Tenable Nessus
added 2023/10/10 12:0 a.m. | 32 views

Oracle Linux 7 : libssh2 (ELSA-2023-5615)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5615 advisory. 1.8.0-4.el79.1 - fix use-of-uninitialized-value CVE-2020-22218 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5 | AI score 7 | EPSS 0.00078
Exploits 0 | References 2

Tenable Nessus
added 2023/10/10 12:0 a.m. | 60 views

RHEL 7 : libssh2 (RHSA-2023:5615)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5615 advisory. The libssh2 packages provide a library that implements the SSH2 protocol. Security Fixes: libssh2: use-of-uninitialized-value in _libssh2_transport_read...

CVSS 7.5 | AI score 7.1 | EPSS 0.00078
Exploits 0 | References 5

Tenable Nessus
added 2023/09/28 12:0 a.m. | 27 views

CBL Mariner 2.0 Security Update: libssh2 (CVE-2020-22218)

The version of libssh2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-22218 advisory. - An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of...

CVSS 7.5 | AI score 7 | EPSS 0.00078
Exploits 0 | References 2

CBLMariner
added 2023/09/27 6:2 p.m. | 22 views

CVE-2020-22218 affecting package libssh2 for versions less than 1.9.0-3

CVE-2020-22218 affecting package libssh2 for versions less than 1.9.0-3. A patched version of the package is available...

CVSS 7.5 | AI score 7.7 | EPSS 0.00078
Exploits 0

OSV
added 2023/09/27 5:29 p.m. | 2 views

CLSA-2023-1695835793 libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

CVSS 7.5 | AI score 7.1 | EPSS 0.00078
Exploits 0 | References 1

CloudLinux
added 2023/09/27 5:23 p.m. | 31 views

libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

CVSS 7.5 | AI score 7.1 | EPSS 0.00078
Exploits 0

OSV
added 2023/09/27 5:23 p.m. | 2 views

CLSA-2023-1695835423 libssh2: Fix of CVE-2020-22218

CVE-2020-22218: doing totalnum zero length check...

CVSS 7.5 | AI score 7.1 | EPSS 0.00078
Exploits 0 | References 1