AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884

The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

[SECURITY] Fedora 39 Update: putty-0.81-1.fc39

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

[SECURITY] Fedora 38 Update: putty-0.81-1.fc38

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

PYSEC-2024-232

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

CentOS 9 : openssh-8.7p1-38.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-38.el9 build changelog. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

Fedora 39 : putty (2024-cba85cc558)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cba85cc558 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

[SECURITY] [DLA 3794-1] putty security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3794-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès April 25, 2024 https://wiki.debian.org/LTS -...

PT-2024-4195 · Unknown +2 · Python-Jose +2

Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier Description: The issue is related to algorithm confusion with OpenSSH ECDSA keys and other key formats in the python-jose component. It is associated with the definition of a prefix blacklist for OpenSSH...

Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

python-jose 安全漏洞

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions, which stems from confusion between OpenSSH ECDSA keys and other key formats...

Debian dla-3794 : pterm - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3794-1 [email protected]...

Fedora 38 : putty (2024-08a4a5ead8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-08a4a5ead8 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

ROS-20240425-04

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...

Ubuntu: Security Advisory (USN-6738-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from...