1851 matches found

Positive Technologies
added 2023/12/18 12:00 a.m. · 3 views

PT-2023-8206 · Openssh +11

Name of the Vulnerable Software and Affected Versions: libssh (affected versions not specified); OpenSSH versions prior to 9.6p1; libssh versions prior to 0.10.6 and 0.9.8. Description: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname...

CVSS 9.3 · AI score 7.3 · EPSS 0.93305
Exploits 7 · References 112

RedHat Linux
added 2023/11/28 3:39 p.m. · 76 views

Low: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 3.7 · AI score 7 · EPSS 0.06208
Exploits 0 · References 3

IBM Security Bulletins
added 2023/11/22 8:52 p.m. · 47 views

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Guava is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP CVE-2020-8909, CVE-2023-2976. SQLite is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, WebSphere Liberty and Watson NLP CVE-2020-24736. Golang Go is used by IBM...

CVSS 9.8 · AI score 10 · EPSS 0.62246
Exploits 10 · Affected Software 1

IBM Security Bulletins
added 2023/11/16 5:43 p.m. · 23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to libssh denial of service vulnerability [CVE-2023-3603]

Summary libssh denial of service vulnerability CVEID: CVE-2023-3603 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2023-3603 DESCRIPTION:...

CVSS 6.5 · AI score 7.2 · EPSS 0.00767
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/11/16 12:00 a.m. · 26 views

Oracle Linux 9 : libssh (ELSA-2023-6643)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6643 advisory. - Fix CVE-2023-1667 and CVE-2023-2283 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS 6.5 · AI score 6.5 · EPSS 0.01314
Exploits 2 · References 3

Oracle linux
added 2023/11/11 12:00 a.m. · 101 views

libssh security update

0.10.4-11 - Fix loglevel regression - Related: rhbz2182252, rhbz2189740 0.10.4.10 - Fix null dereference issues found by covscan - Related: rhbz2182252, rhbz2189740 0.10.4-9 - Fix CVE-2023-1667 and CVE-2023-2283 - Fix issues found by cosvcan - Resolves: rhbz2182252, rhbz2189740...

CVSS 6.5 · AI score 7 · EPSS 0.01314
Exploits 2

RedHat Linux
added 2023/11/07 8:56 a.m. · 3 views

libssh: authorization bypass in pki_verify_data_signature

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

CVSS 6.5 · AI score 6.6 · EPSS 0.01061
Exploits 2 · References 5

RedHat Linux
added 2023/11/07 8:56 a.m. · 43 views

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 6.5 · AI score 6.6 · EPSS 0.01314
Exploits 2 · References 4

RedHat Linux
added 2023/11/07 8:56 a.m. · 4 views

libssh: NULL pointer dereference during rekeying with algorithm guessing

A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...

CVSS 6.5 · AI score 6.7 · EPSS 0.01314
Exploits 0 · References 5

AlmaLinux
added 2023/11/07 12:00 a.m. · 37 views

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference during rekeying with algorithm guessing (CVE-2023-1667); libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283). For more...

CVSS 6.5 · AI score 7.1 · EPSS 0.01314
Exploits 2 · References 6

Tenable Nessus
added 2023/11/07 12:00 a.m. · 26 views

RHEL 9 : libssh (RHSA-2023:6643)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6643 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

CVSS 6.5 · AI score 6.6 · EPSS 0.01314
Exploits 2 · References 8

Tenable Nessus
added 2023/11/07 12:00 a.m. · 25 views

Rocky Linux 8 : libssh (RLSA-2021:4387)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4387 advisory. - libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. (CVE-2020-16135) Note that Nessus has not tested for this issue but has...

CVSS 5.9 · AI score 6.6 · EPSS 0.04105
Exploits 1 · References 3

OSV
added 2023/11/07 12:00 a.m. · 33 views

ALSA-2023:6643 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference during rekeying with algorithm guessing (CVE-2023-1667); libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283). For more...

CVSS 6.5 · AI score 6.4 · EPSS 0.01314
Exploits 2 · References 6

Tenable Nessus
added 2023/11/06 12:00 a.m. · 22 views

Rocky Linux 8 : libssh (RLSA-2020:4545)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4545 advisory. - A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, th...

CVSS 9.3 · AI score 6.7 · EPSS 0.03174
Exploits 0 · References 9

Tenable Nessus
added 2023/11/02 12:00 a.m. · 20 views

F5 Networks BIG-IP : libssh vulnerability (K05295501)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K05295501 advisory. - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if...

CVSS 5.3 · AI score 7 · EPSS 0.0315
Exploits 0 · References 2

OpenVAS
added 2023/10/13 12:00 a.m. · 21 views

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2023-2985)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 · AI score 8 · EPSS 0.01314
Exploits 2 · References 2

OpenVAS
added 2023/10/13 12:00 a.m. · 16 views

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2023-2959)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 · AI score 8 · EPSS 0.01314
Exploits 2 · References 2

BDU FSTEC
added 2023/09/11 12:00 a.m. · 3 views

The vulnerability of the pki_verify_data_signature() function in the LibSSH client authentication library allows a perpetrator to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the pki_verify_data_signature function in the LibSSH client authentication library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and gain unauthorized access to protected...

CVSS 6.5 · AI score 6.5 · EPSS 0.01061
Exploits 2 · References 17 · Affected Software 10

OpenVAS
added 2023/09/11 12:00 a.m. · 19 views

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2023-2728)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 · AI score 8 · EPSS 0.01314
Exploits 2 · References 2

OpenVAS
added 2023/09/11 12:00 a.m. · 12 views

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2023-2759)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 · AI score 8 · EPSS 0.01314
Exploits 2 · References 2