
39 matches found

Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 4: csmock (TSSA-2025:0581)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0581 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.8 CVSS, 7.4 AI score, 0.00079 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3532

Malware in sbrugna...

7.2 CVSS, 6.2 AI score, 0.00745 EPSS
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3345

Malware in sbrugna...

7.2 CVSS, 6.1 AI score, 0.00244 EPSS
Exploits: 0, References: 11

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-27199

Malicious code in bioql PyPI...

8.8 CVSS, 7.4 AI score, 0.00079 EPSS
Exploits: 0, References: 2

NVD
added 2025/09/17 6:15 p.m., 2 views

CVE-2025-59339

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

4.4 CVSS, 0.00015 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/09/17 5:50 p.m., 2 views

CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

4.4 CVSS, 6.5 AI score, 0.00015 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/09/17 5:50 p.m., 6 views

CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

4.4 CVSS, 0.00015 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/09/17 12:0 a.m., 4 views

PT-2025-38246

Name of the Vulnerable Software and Affected Versions: The Bastion affected versions not specified Description: The Bastion provides authentication, authorization, traceability, and auditability for SSH accesses. Session-recording ttyrec files are handled by the provided osh-encrypt-rsync script,...

4.4 CVSS, 6.3 AI score, 0.00015 EPSS
Exploits: 0, References: 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 1 views

Malicious code in @zalastax/nolb-osh (npm)

The package @zalastax/nolb-osh was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-12849 Malicious code in @zalastax/nolb-osh (npm)

The package @zalastax/nolb-osh was found to contain malicious code...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2024/04/29 12:0 a.m., 12 views

Fedora 40 : csmock (2024-c49fc0b05f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c49fc0b05f advisory. - update to latest upstream fixes CVE-2024-2243 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...

8.8 CVSS, 7.4 AI score, 0.00079 EPSS
Exploits: 0, References: 2

NVD
added 2024/04/10 11:15 a.m., 5 views

CVE-2024-2243

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

8.8 CVSS, 7.6 AI score, 0.00079 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2024/04/10 10:14 a.m., 11 views

CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

7.6 CVSS, 7.1 AI score, 0.00079 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/04/10 10:14 a.m., 9 views

CVE-2024-2243 Csmock: command injection vulnerability in csmock-plugin-snyk

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

7.6 CVSS, 7.8 AI score, 0.00079 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2024/04/09 9:59 a.m., 11 views

CVE-2024-2243

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers...

7.6 CVSS, 7.6 AI score, 0.00079 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2024/03/22 12:0 a.m., 1 views

PT-2024-19418 · Csmock · Csmock

Name of the Vulnerable Software and Affected Versions: csmock affected versions not specified Description: A vulnerability was found in csmock where a regular user of the OSH service, with a valid Kerberos ticket, can disclose the confidential Snyk authentication token and run arbitrary commands ...

8.8 CVSS, 6.9 AI score, 0.00079 EPSS
Exploits: 0, References: 6

Openbugbounty
added 2024/02/22 6:3 a.m., 7 views

osh.coop Cross Site Scripting vulnerability OBB-3856029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 32 views

Debian Security Advisory DSA 918-1 (osh)

The remote host is missing an update to osh announced via advisory DSA 918-1. Several security related problems have been discovered in osh, the operator's shell for executing defined programs in a privileged environment. The Common Vulnerabilities and Exposures project identifies the following...

7.2 CVSS, 0.4 AI score, 0.03464 EPSS
Exploits: 1

OpenVAS
added 2008/01/17 12:0 a.m., 12 views

Debian: Security Advisory (DSA-329)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.6 CVSS, 7.2 AI score, 0.00091 EPSS
Exploits: 4, References: 3

OpenVAS
added 2008/01/17 12:0 a.m., 12 views

Debian Security Advisory DSA 329-1 (osh)

The remote host is missing an update to osh announced via advisory DSA 329-1. OpenVAS Vulnerability Test $Id: deb3291.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 329-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

4.6 CVSS, 0.4 AI score, 0.00091 EPSS
Exploits: 4