14836 matches found

Positive Technologies
added 2024/03/29 12:0 a.m. | 3 views

PT-2024-2451

Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.6.0 through 5.6.1. Description: Malicious code was discovered in the upstream tarballs of XZ Utils. Through complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the...

10 CVSS | 8.5 AI score | 0.85974 EPSS
Exploits 39

Tenable Nessus
added 2024/03/29 12:0 a.m. | 29 views

Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)

Binary data xzutilsbackdoorcve-2024-3094.nbin...

10 CVSS | 10 AI score | 0.85974 EPSS
Exploits 39 | References 3

RedHat Linux
added 2024/03/28 5:31 a.m. | 47 views

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift Builds 1.0.1

An update is now available for Red Hat OpenShift Builds 1.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

9.8 CVSS | 7 AI score | 0.93305 EPSS
Exploits 4 | References 4

Packet Storm
added 2024/03/28 12:0 a.m. | 266 views

Siklu MultiHaul TG Series Credential Disclosure

Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...

7.4 AI score
Exploits 0

IBM Security Bulletins
added 2024/03/27 8:44 p.m. | 31 views

Security Bulletin: This Power System update is being released to address CVE-2022-4304

Summary: The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details: CVEID: CVE-2022-4304. DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

5.9 CVSS | 6.7 AI score | 0.16195 EPSS
Exploits 0

NVD
added 2024/03/26 9:15 p.m. | 10 views

CVE-2024-26303

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon...

4.9 CVSS | 5.1 AI score | 0.00523 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/03/26 8:25 p.m. | 16 views

CVE-2024-26303

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon...

4.9 CVSS | 6.9 AI score | 0.00523 EPSS
Exploits 0 | References 1

Cvelist
added 2024/03/26 8:25 p.m. | 18 views

CVE-2024-26303

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon...

4.9 CVSS | 5.5 AI score | 0.00523 EPSS
Exploits 0 | References 1

CVE
added 2024/03/26 8:25 p.m. | 75 views

CVE-2024-26303

CVE-2024-26303 describes an authenticated denial-of-service against the ArubaOS-Switch SSH Daemon. The vulnerability is triggered by an attacker with high privileges over the network, with no user interaction, causing an impact to availability (CVSSv3.1 base score 4.9, MEDIUM). Affected component...

4.9 CVSS | 6.8 AI score | 0.00523 EPSS
Exploits 0 | References 1

OSV
added 2024/03/26 5:15 p.m. | 24 views

CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

5.3 CVSS | 5.1 AI score
Exploits 0 | References 3

CVE
added 2024/03/26 4:52 p.m. | 84 views

CVE-2024-29735

CVE-2024-29735 affects Apache Airflow (versions 2.8.2–2.8.3) due to the local file task handler incorrectly setting permissions on parent folders of the log directory, potentially granting group write access. The issue can impact log storage paths, and, if the home directory becomes group-writabl...

5.3 CVSS | 5.1 AI score | 0.0146 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/03/26 4:52 p.m. | 22 views

CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

6.1 AI score | 0.0146 EPSS
Exploits 0 | References 3

Cvelist
added 2024/03/26 4:52 p.m. | 23 views

CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

6.3 AI score | 0.0146 EPSS
Exploits 0 | References 3

NVD
added 2024/03/25 5:15 a.m. | 7 views

CVE-2024-21865

HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell...

6.5 CVSS | 6.7 AI score | 0.00357 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/03/25 4:11 a.m. | 13 views

CVE-2024-21865

HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell...

7 AI score | 0.00357 EPSS
Exploits 0 | References 2

CVE
added 2024/03/25 4:11 a.m. | 57 views

CVE-2024-21865

The HGW BL1500HM router (firmware 002.001.013 and earlier) is affected by CVE-2024-21865 due to use of weak credentials. An adjacent unauthenticated attacker can connect via SSH and obtain a shell. Remediation: update firmware to 002.001.019 (per JVN RedHat/RH entries). The impact is limited to c...

6.5 CVSS | 6.9 AI score | 0.00357 EPSS
Exploits 0 | References 3

OpenVAS
added 2024/03/25 12:0 a.m. | 16 views

Slackware: Security Advisory (SSA:2024-083-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4 CVSS | 8.9 AI score | 0.047 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2024/03/23 12:0 a.m. | 26 views

openSUSE 15 Security Update : jsch-agent-proxy (SUSE-SU-2024:0974-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0974-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

5.9 CVSS | 7.1 AI score | 0.93305 EPSS
Exploits 4 | References 4

Tenable Nessus
added 2024/03/23 12:0 a.m. | 37 views

openSUSE 15 Security Update : jbcrypt, trilead-ssh2 (SUSE-SU-2024:0972-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0972-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

5.9 CVSS | 7.1 AI score | 0.93305 EPSS
Exploits 4 | References 4

OSV
added 2024/03/22 10:23 a.m. | 12 views

SUSE-SU-2024:0974-1 Security update for jsch-agent-proxy

This update for jsch-agent-proxy fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack bsc1218198...

5.9 CVSS | 6.3 AI score | 0.93305 EPSS
Exploits 4 | References 3