CVE-2019-19751
easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
CVE-2019-19755
ethOS 1.3.3 and earlier ships with SSH host keys baked into the installation image, enabling MITM attacks and exposing all public IPv4 nodes (e.g., via Shodan). The issue is described consistently across CVE records and Red Hat/NVD/CVE listings. The vendor noted plans to fix this as of 2019-12-01...
CVE-2019-19755
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this...
Low: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004); libssh: Missing checks for return values for digests...
Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
ALSA-2024:2246 Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
RHEL 9 : xorg-x11-server (RHSA-2024:2169)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2169 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical use...
RHEL 9 : xorg-x11-server-Xwayland (RHSA-2024:2170)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2170 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in...
Fedora 37 : rust (2023-19bcafe341)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...
Fedora 40 : chisel (2023-b29031a7aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...
Fedora 40 : gh (2024-48aa5f1dae)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-48aa5f1dae advisory. Automatic update for gh-2.41.0-1.fc40. Changelog Mon Jan 8 2024 Mikel Olasagasti Uranga - 2.41.0-1 - Update to 2.41.0 - Closes rhbz2257273 rhbz2255084 Tenabl...
Amazon Linux AMI : xorg-x11-server (ALAS-2024-1932)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1932 advisory. Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE:...
Fedora 40 : python-asyncssh (2023-a3af7820e8)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. Automatic update for python-asyncssh-2.14.2-1.fc40. Changelog Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1 - Update to latest upstream version fixes fedora22550...
Fedora 40 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-11f1c85512)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-11f1c85512 advisory. - Update python-cryptography to 41.0.3, https://cryptography.io/en/latest/changelog/ - Security fix for CVE-2023-3832 SSH certificate encoding/parsi...
Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. Automatic update for golang-x-crypto-0.18.0-1.fc40. Changelog Tue Jan 9 2024 Mark E. Fuller - 0.18.0-1 - update to v0.18.0, close rhbz2255095 - CVE-2023-4879...
Fedora 40 : doctl (2023-0355346550)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...
Fedora 40 : filezilla / libfilezilla (2024-ff9a2fb31c)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff9a2fb31c advisory. Fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6527 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...
Denial of Service (DoS)
putty is vulnerable to Denial of Service (DoS). The vulnerability is due to access to freed memory locations via an SSH1_MSG_DISCONNECT message in PuTTY, which allows remote SSH-1 servers to trigger a denial of service condition...