FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

The threat actor behind a peer-to-peer P2P botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as ma...

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today...

PT-2024-1516 · Vinchin · Vinchin Backup & Recovery

Name of the Vulnerable Software and Affected Versions: Vinchin Backup & Recovery version 7.2 Description: The issue is related to the use of default root credentials in Vinchin Backup & Recovery. This could allow a remote attacker to gain elevated privileges to the level of a root user by...

Debian dla-3730 : python-asyncssh-doc - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3730 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3730-1 [email protected] https://www.debian.org/lts/security/;...

Oracle Linux 8 : libssh (ELSA-2024-0628)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0628 advisory. - Client and Server side mitigations CVE-2023-48795 - Strip extensions from both kex lists for matching CVE-2023-48795 Tenable has extracted the preceding...

AlmaLinux 8 : libssh (ALSA-2024:0628)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0628 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks su...

Oracle Linux 8 : openssh (ELSA-2024-0606)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0606 advisory. - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 Tenable has extracted the preceding description block directly from the Oracle...

Fedora 38 : xorg-x11-server-Xwayland (2024-05db4bcbec)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05db4bcbec advisory. CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 Tenable has extracted the preceding...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Insecure SSH Configuration

vantage6 is vulnerable to Insecure SSH Configuration. The vulnerability is due to the default configuration on nodes and servers, allowing root login with password authentication. This configuration is overly permissive...

ALSA-2024:0628 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 For more details about the security issues, including the impact, a CVSS score,...

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 For more details about the security issues, including the impact, a CVSS score,...

CentOS 8 : libssh (CESA-2024:0628)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0628 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...

GHSA-2WGC-48G2-CJ5W vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

CVE-2024-21653

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

PYSEC-2024-34

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

Authentication flaw

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

PYSEC-2024-34

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...