260 matches found

Tenable Nessus
added 2024/01/10 12:00 a.m. | 36 views

Fedora 38 : putty (2024-71c2c6526c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-71c2c6526c advisory. Security fix for CVE-2023-48795. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.9 CVSS | 7.1 AI score | 0.52998 EPSS
Exploits 4 | References 2
Tenable Nessus
added 2023/11/25 12:00 a.m. | 15 views

Fedora 39 : python-asyncssh (2023-d2956318e4)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2956318e4 advisory. Security fix for CVE-2023-46446 and CVE-2023-46445. Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.8 CVSS | 6.9 AI score | 0.00448 EPSS
Exploits 0 | References 3
OSV
added 2023/11/14 3:15 a.m. | 1 view

DEBIAN-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8 CVSS | 7 AI score | 0.00388 EPSS
Exploits 0 | References 1
PyPA
added 2023/11/14 3:15 a.m. | 4 views

PYSEC-2023-239

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...

6.8 CVSS | 7.1 AI score | 0.00388 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2023/03/16 9:15 p.m. | 8 views

CVE-2023-28113

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

5.9 CVSS | 5.5 AI score | 0.00187 EPSS
Exploits 1 | References 6
OpenVAS
added 2023/03/16 12:00 a.m. | 29 views

OpenBSD OpenSSH < 9.3 Unspecified Vulnerability

OpenBSD OpenSSH is prone to an unspecified vulnerability...

7.3 AI score
Exploits 0 | References 2
F5 Networks
added 2023/02/21 6:08 p.m. | 24 views

K8599: XSS vulnerability viewing logs from the Console section of the web management interface

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.8 CVSS | 5.5 AI score | 0.00205 EPSS
Exploits 1
SUSE CVE
added 2023/02/15 4:07 a.m. | 1 view

SUSE CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

8.1 CVSS | 8.3 AI score | 0.17854 EPSS
Exploits 0 | References 20
SUSE CVE
added 2023/02/15 3:55 a.m. | 1 view

SUSE CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

9.8 CVSS | 9.6 AI score | 0.94387 EPSS
Exploits 5 | References 24
Tenable Nessus
added 2023/01/11 12:00 a.m. | 30 views

GLSA-202301-02 : Twisted: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202301-02 Twisted: Multiple Vulnerabilities - twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue...

7.5 CVSS | 7 AI score | 0.0367 EPSS
Exploits 2 | References 7
OpenVAS
added 2022/11/15 12:00 a.m. | 27 views

Debian: Security Advisory (DLA-3187-1)

The remote host is missing an update for the Debian...

7.5 CVSS | 7.7 AI score | 0.0021 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2022/06/10 12:00 a.m. | 36 views

Amazon Linux AMI : python-twisted-conch (ALAS-2022-1592)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1592 advisory. An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory...

7.5 CVSS | 7.4 AI score | 0.0367 EPSS
Exploits 1 | References 3
OSV
added 2022/05/24 8:14 p.m. | 40 views

GO-2022-0213 Panic on invalid DSA public keys in crypto/dsa

Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server tha...

7.5 CVSS | 7.3 AI score | 0.0234 EPSS
Exploits 1 | References 4
OSV
added 2022/05/24 5:43 p.m. | 21 views

GHSA-8RP6-X3R7-5QW3 SaltStack Salt is vulnerable to shell injection via ProxyCommand argument

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

9.8 CVSS | 9.5 AI score | 0.09933 EPSS
Exploits 0 | References 20
GitHub Security Blog
added 2022/05/24 5:43 p.m. | 27 views

SaltStack Salt is vulnerable to shell injection via ProxyCommand argument

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

9.8 CVSS | 9.4 AI score | 0.09933 EPSS
Exploits 0 | References 20 | Affected Software 1
OSV
added 2022/05/24 5:33 p.m. | 18 views

GHSA-QR38-H96J-2J3W SaltStack Salt Command Injection in netapi ssh client

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

9.8 CVSS | 9.5 AI score | 0.94387 EPSS
Exploits 5 | References 23
OSV
added 2022/05/24 5:06 p.m. | 27 views

GHSA-Q53J-P6R2-G2V4 SaltStack Salt is vulnerable to command injection

In SaltStack Salt before 2019.2.3, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS | 9.8 AI score | 0.17854 EPSS
Exploits 0 | References 7
GitHub Security Blog
added 2022/05/24 5:06 p.m. | 20 views

SaltStack Salt is vulnerable to command injection

In SaltStack Salt before 2019.2.3, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

9.8 CVSS | 9.9 AI score | 0.17854 EPSS
Exploits 0 | References 7 | Affected Software 1
Kitploit
added 2022/05/21 12:30 p.m. | 35 views

Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in Rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus" sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus su...

7.9 AI score
Exploits 0 | References 2
Tenable Nessus
added 2022/03/25 12:00 a.m. | 35 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-twisted) (RHSA-2022:0982)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0982 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat...

7.5 CVSS | 7.5 AI score | 0.0367 EPSS
Exploits 1 | References 6