400 matches found

Redos
added 2024/04/03 12:0 a.m., 7 views

ROS-20240402-20

A vulnerability in the Cargo package manager of the Rust programming language is associated with incorrect verification of the cryptographic signature. Exploitation of the vulnerability could allow a remote attacker to affect the integrity of protected information via the SSH protocol...

CVSS 5.9, AI score 6.6, EPSS 0.00649, Exploits 0

Tenable Nessus
added 2024/03/21 12:0 a.m., 36 views

EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2024-1469)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

CVSS 5.9, AI score 7.2, EPSS 0.93305, Exploits 4, References 4

Redos
added 2024/03/19 12:0 a.m., 41 views

ROS-20240319-01

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...

CVSS 6.5, AI score 7.8, EPSS 0.93305, Exploits 11

OpenVAS
added 2024/03/13 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1338)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9, AI score 6.6, EPSS 0.93305, Exploits 4, References 2

OpenVAS
added 2024/03/12 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1244)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 6.7, EPSS 0.93305, Exploits 5, References 2

Tenable Nessus
added 2024/03/12 12:0 a.m., 34 views

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1316)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9, AI score 7.2, EPSS 0.93305, Exploits 4, References 4

OpenVAS
added 2024/03/12 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1219)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 6.7, EPSS 0.93305, Exploits 11, References 2

Tenable Nessus
added 2024/03/12 12:0 a.m., 30 views

EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2024-1345)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 7.5, AI score 7.2, EPSS 0.93305, Exploits 5, References 3

Tenable Nessus
added 2024/03/12 12:0 a.m., 35 views

EulerOS 2.0 SP10 : libssh2 (EulerOS-SA-2024-1339)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9, AI score 7.1, EPSS 0.93305, Exploits 4, References 2

Tenable Nessus
added 2024/03/12 12:0 a.m., 42 views

EulerOS 2.0 SP10 : libssh (EulerOS-SA-2024-1338)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9, AI score 7.2, EPSS 0.93305, Exploits 4, References 4

Tenable Nessus
added 2024/03/07 12:0 a.m., 50 views

AlmaLinux 9 : buildah (ALSA-2024:1150)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1150 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks su...

CVSS 5.9, AI score 7.1, EPSS 0.93305, Exploits 4, References 2

Tenable Nessus
added 2024/03/07 12:0 a.m., 49 views

Jenkins plugins Multiple Vulnerabilities (2024-03-06)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypa...

CVSS 8.8, AI score 7, EPSS 0.93305, Exploits 4, References 18

Tenable Nessus
added 2024/03/06 12:0 a.m., 100 views

RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2024:1196)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1196 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchrono...

CVSS 5.9, AI score 6.9, EPSS 0.93305, Exploits 4, References 8

Cloud Foundry
added 2024/02/29 12:0 a.m., 78 views

USN-6560-1: OpenSSH vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension...

CVSS 9.8, AI score 6.5, EPSS 0.93305, Exploits 4, Affected Software 3

Tenable Nessus
added 2024/02/21 12:0 a.m., 41 views

SUSE SLES12 Security Update : libssh2_org (SUSE-SU-2024:0543-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0543-1 advisory. - Always add the KEX pseudo-methods 'ext-info-c' and '[email protected]' when configuring custom method list. bsc1218971,...

CVSS 5.9, AI score 7.1, EPSS 0.93305, Exploits 4, References 4

RedHat Linux
added 2024/02/20 11:6 a.m., 6 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVSS 5.9, AI score 6.6, EPSS 0.93305, Exploits 4, References 6

Rockylinux
added 2024/02/12 8:17 p.m., 55 views

libssh security update

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libssh is a library which implements the SSH protocol. It can be used to...

CVSS 5.9, AI score 6.8, EPSS 0.93305, Exploits 4

Rockylinux
added 2024/02/12 8:17 p.m., 344 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

CVSS 6.5, AI score 6.9, EPSS 0.93305, Exploits 11

RedHat Linux
added 2024/02/12 4:2 p.m., 3 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVSS 5.9, AI score 6.6, EPSS 0.93305, Exploits 4, References 6

OSV
added 2024/02/10 1:3 a.m., 10 views

MGASA-2024-0034 Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

CVSS 5.9, AI score 6.5, EPSS 0.93305, Exploits 4, References 3