EulerOS Virtualization 2.11.0 : openssh (EulerOS-SA-2024-1631)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.11.0 : libssh2 (EulerOS-SA-2024-1629)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

EulerOS Virtualization 2.11.0 : python-paramiko (EulerOS-SA-2024-1635)

According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2024-1612)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.11.1 : python-paramiko (EulerOS-SA-2024-1616)

According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

EulerOS Virtualization 2.11.1 : libssh (EulerOS-SA-2024-1609)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1629)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : libssh2 (EulerOS-SA-2024-1610)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1631)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1616)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-4W53-6JVP-GG52 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...

CVE-2024-35175

CVE-2024-35175 describes a vulnerability in sshpiper where, before version 1.3.0, the proxy protocol listener was enabled as the only listener and lacked a toggle, allowing an attacker to forge the source address of connections. This affects sshpiper (reverse proxy for sshd) for versions 1.0.50–1...

GHSA-JMQP-37M5-49WH sshproxy vulnerable to SSH option injection

Impact Any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. Patches The problem is patched starting on version 1.6.3 Workarounds The only workaround is to use the forcecommand option in...

sshproxy vulnerable to SSH option injection

Impact Any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. Patches The problem is patched starting on version 1.6.3 Workarounds The only workaround is to use the forcecommand option in...

CVE-2024-4871

A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle attack MITM, denial of...

CVE-2024-34713

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...

CVE-2024-34713 sshproxy vulnerable to SSH option injection

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...

CVE-2024-34713

Summary : The vulnerability affects sshproxy, used to transparently proxy SSH connections through a gateway. Before version 1.6.3, any user authorized to connect to an SSH server via sshproxy could inject options into the ssh command executed by sshproxy; all versions are impacted. The issue is m...

CVE-2024-34713 sshproxy vulnerable to SSH option injection

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...