
14831 matches found

NVD
added 2024/06/11 4:15 p.m. | 17 views

CVE-2024-5813

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

CVSS 5.9 | EPSS 0.00406
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/11 3:34 p.m. | 21 views

CVE-2024-5813 SSH Private Key Leak in BeyondInsight PasswordSafe

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response...

CVSS 5.9 | AI score 6.5 | EPSS 0.00406
Exploits: 0 | References: 1
CVE
added 2024/06/11 3:34 p.m. | 59 views

CVE-2024-5813

CVE-2024-5813 affects BeyondInsight Password Safe (BIPS). An authenticated attacker with high privileges can exploit an information leak in the server response to access SSH private keys, exposing highly sensitive material. The vulnerability targets the confidentiality of SSH keys via a disclosur...

CVSS 5.9 | AI score 5.5 | EPSS 0.00406
Exploits: 0 | References: 1 | Affected Software: 1
Fedora
added 2024/06/11 1:51 a.m. | 19 views

[SECURITY] Fedora 40 Update: podman-tui-1.1.0-1.fc40

podman-tui is a terminal user interface for Podman v4 and v5. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...

CVSS 8.3 | AI score 8.3 | EPSS 0.01279
Exploits: 0
CNNVD
added 2024/06/11 12:0 a.m. | 3 views

BeyondInsight Information Disclosure Vulnerability

BeyondInsight is a Privileged Access Management (PAM) reporting platform from BeyondTrust USA. An information disclosure vulnerability exists in BeyondInsight Password Safe: an authenticated attacker with elevated privileges can access SSH private keys via information...

CVSS 5.9 | AI score 6.1 | EPSS 0.00406
Exploits: 0 | References: 3
OpenVAS
added 2024/06/11 12:0 a.m. | 17 views

Fedora: Security Advisory (FEDORA-2024-e383f723a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 | AI score 8.7 | EPSS 0.01279
Exploits: 0 | References: 3
NVD
added 2024/06/07 8:15 p.m. | 11 views

CVE-2023-49222

Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges...

CVSS 8.8 | EPSS 0.00317
Exploits: 0 | References: 1
OpenVAS
added 2024/06/07 12:0 a.m. | 9 views

Fedora: Security Advisory for rust-ssh-key-dir (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
Cvelist
added 2024/06/07 12:0 a.m. | 11 views

CVE-2023-49222

Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges...

EPSS 0.00317
Exploits: 0 | References: 1
CVE
added 2024/06/07 12:0 a.m. | 41 views

CVE-2023-49224

CVE-2023-49224 affects Precor touchscreen consoles P62, P80, and P82. The issue is the presence of a default SSH public key in the authorized_keys file, which could allow a remote attacker to gain root privileges. Public disclosures from multiple sources confirm the vulnerability and its impact a...

CVSS 8 | AI score 6.8 | EPSS 0.0028
Exploits: 0 | References: 1
CVE
added 2024/06/07 12:0 a.m. | 45 views

CVE-2023-49222

The CVE-2023-49222 issue affects the Precor touchscreen console P82, where a private SSH key is included that corresponds to a default public key. This configuration could allow a remote attacker to gain root privileges, per multiple sources (NVD/Red Hat/CNNVD). The core details describe the vuln...

CVSS 8.8 | AI score 6.8 | EPSS 0.00317
Exploits: 0 | References: 1
OpenVAS
added 2024/06/07 12:0 a.m. | 6 views

Fedora: Security Advisory for rust-uu_tee (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
OpenVAS
added 2024/06/07 12:0 a.m. | 15 views

Fedora: Security Advisory for rust-docopt (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
Vulnrichment
added 2024/06/07 12:0 a.m. | 13 views

CVE-2023-49222

Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges...

AI score 7.2 | EPSS 0.00317
Exploits: 0 | References: 1
Github Security Blog
added 2024/06/06 9:30 p.m. | 21 views

Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 8.1 | AI score 6.6 | EPSS 0.00614
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/06/06 6:31 p.m. | 14 views

CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

CVSS 6.5 | AI score 7.3 | EPSS 0.00614
Exploits: 1 | References: 1
IBM Security Bulletins
added 2024/06/06 12:29 p.m. | 23 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...

CVSS 5.9 | AI score 6.5 | EPSS 0.94072
Exploits: 4 | Affected Software: 1
RedHat Linux
added 2024/06/05 2:47 p.m. | 2 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVSS 5.9 | AI score 6.7 | EPSS 0.94072
Exploits: 4 | References: 6
RedHat Linux
added 2024/06/05 2:46 p.m. | 41 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7.3 | EPSS 0.94072
Exploits: 4 | References: 9
RedHat Linux
added 2024/06/05 2:46 p.m. | 2 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVSS 5.9 | AI score 6.7 | EPSS 0.94072
Exploits: 4 | References: 6