CVE-2022-24657

CVE-2022-24657 affects Goldshell ASIC Miners v2.1.x, where hardcoded credentials enable remote SSH access (port 22). The root cause is the presence of embedded credentials in the device firmware, as documented across multiple sources in the connected set (NVD/Red Hat/CVE listings, CNNVD). Impact ...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

Oracle Linux 8 : libssh (ELSA-2022-2031)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2031 advisory. - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism Tenable has extracted the preceding description block...

AlmaLinux 8 : libssh (ALSA-2022:2031)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2031 advisory. - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is...

Low: Red Hat Security Advisory: libssh security, bug fix, and enhancement update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

ALSA-2022:2031 Low: libssh security, bug fix, and enhancement update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.6. BZ1896651 Security Fixes: libssh: possible heap-based buffer overflow when rekeying CVE-2021-3634...

The vulnerability in the implementation of the SSHv2 protocol by the Paramiko library arises from synchronization errors when using a shared resource, allowing an attacker to gain access to confidential information.

The vulnerability of the SSHv2 protocol implementation by the Paramiko library is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to access confidential information...

SSH Host Based Authentication

Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identit...

EulerOS Virtualization 2.9.0 : libssh (EulerOS-SA-2021-2787)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2021-2753)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : libssh (EulerOS-SA-2021-2753)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2021-2787)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2021-2691)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2021-2716)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

ALSA-2021:4387 Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: NULL pointer dereference in sftpserver.c if sshbuffernew returns NULL CVE-2020-16135 For more details about the security issues, including the impact, a CVSS...

PT-2021-19253 · Juniper Networks · Juniper Networks Src Series

Name of the Vulnerable Software and Affected Versions: Juniper Networks SRC Series versions prior to 4.13.0-R6 Description: An Information Exposure issue in Juniper Networks SRC Series devices configured for NETCONF over SSH allows the negotiation of weak ciphers. This could enable a remote...

FreeBSD : libssh -- possible heap-buffer overflow vulnerability (57b1ee25-1a7c-11ec-9376-0800272221cc)

libssh security advisories : The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

Updated libssh packages fix security vulnerability

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company...