CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2024/07/04 4:15 p.m.•12 views

CVE-2024-39930

9.9CVSS0.11879EPSS

Cvelist•added 2024/07/04 12:0 a.m.•16 views

CVE-2024-39930

9.9CVSS0.11879EPSS

Vulnrichment•added 2024/07/04 12:0 a.m.•15 views

CVE-2024-39930

9.9CVSS8.1AI score0.11879EPSS

CVE•added 2024/07/04 12:0 a.m.•119 views

CVE-2024-39930

CVE-2024-39930 affects the built-in SSH server in Gogs up to version 0.13.0, where argument injection in internal/ssh/ssh.go can lead to remote code execution when an authenticated user opens an SSH session and sends a malicious --split-string env request (Windows builds are unaffected). Public d...

9.9CVSS8.1AI score0.11879EPSS

Exploits3References3Affected Software1

Tenable Nessus•added 2024/07/03 12:0 a.m.•25 views

CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

Securelist•added 2024/06/24 10:0 a.m.•14 views

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...

8.6AI score

Exploits0

Tenable Nessus•added 2024/06/03 12:0 a.m.•24 views

RHEL 8 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - I...

8.8CVSS9.7AI score0.424EPSS

Exploits2References7

Tenable Nessus•added 2024/05/30 12:0 a.m.•35 views

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

Tenable Nessus•added 2024/05/15 12:0 a.m.•32 views

EulerOS Virtualization 2.11.0 : libssh2 (EulerOS-SA-2024-1629)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

Tenable Nessus•added 2024/04/29 12:0 a.m.•24 views

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...

5.9CVSS7AI score0.51662EPSS

Tenable Nessus•added 2024/04/25 12:0 a.m.•21 views

Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

5.9CVSS7.7AI score0.23269EPSS

Exploits0References2

Tenable Nessus•added 2024/04/25 12:0 a.m.•22 views

Fedora 38 : putty (2024-08a4a5ead8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-08a4a5ead8 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.9CVSS7.8AI score0.23269EPSS

Exploits0References2

Tenable Nessus•added 2024/04/24 12:0 a.m.•20 views

openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...

5.9CVSS7.7AI score0.23269EPSS

Exploits0References3

OpenVAS•added 2024/04/22 12:0 a.m.•64 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.51662EPSS

Exploits11References2

Tenable Nessus•added 2024/04/19 12:0 a.m.•31 views

EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)

Vulnrichment•added 2024/04/15 12:0 a.m.•25 views

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

6.3AI score0.23269EPSS

Exploits0References27

Tenable Nessus•added 2024/03/21 12:0 a.m.•34 views

EulerOS Virtualization 2.9.0 : libssh2 (EulerOS-SA-2024-1470)