GO-2024-2836 sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy

sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy...

RHEL 6 : cloud-init (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 Note that Nessus has not tested...

RHEL 6 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libssh2: Using SSHMSGKEXINIT data unbounded CVE-2015-1782 Note that Nessus has not tested for this issue but has...

RHEL 6 : openstack-keystone (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-keystone: Improper check of tampered revocated PKI/PKIZ token CVE-2015-7546 Note that Nessus has not test...

RHEL 6 : bzr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - bzr: does not strip bzr+ssh SSH options CVE-2017-14176 Note that Nessus has not tested for this issue but has inste...

RHEL 6 : cvs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cvs: Command injection via malicious ssh URLs CVE-2017-12836 Note that Nessus has not tested for this issue but has...

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - Svnserve in Apac...

RHEL 8 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - I...

[SECURITY] Fedora 39 Update: rust-ssh-key-dir-0.1.4-8.fc39

sshd AuthorizedKeysCommand to read key files from /.ssh/authorizedkeys.d...

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access

Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE & SSH Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of net-ssh-4.2.0.gem Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

Important: tigervnc

Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...

EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-1781)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, i...

SUSE SLES15 / openSUSE 15 Security Update : warewulf4 (SUSE-SU-2024:1838-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1838-1 advisory. - fixed wwctl configure --all doesn't configure ssh bsc1225402 - update to 4.5.2 with following changes: Reorder dnsmasq config to put iPX...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...