Fedora 38 : prometheus-podman-exporter (2024-3fd1bc9276)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3fd1bc9276 advisory. Security fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 39 : prometheus-podman-exporter (2024-a53b24023d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a53b24023d advisory. Security fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

RHEL 8 : libssh (RHSA-2024:0538)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0538 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

FreeBSD : rclone -- Multiple vulnerabilities (b5e22ec5-bc4b-11ee-b0b5-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b5e22ec5-bc4b-11ee-b0b5-b42e991fc52e advisory. - A race condition in go-resty can result in HTTP request body disclosure across requests. Thi...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Authentication in the RHEL UBI (CVE-2023-27538)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27538 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-27538 DESCRIPTION: cURL libcurl could allow a local attacker to bypass security restrictions,...

GitHub: Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

OESA-2024-1104 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-parent, apache-sshd (SUSE-SU-2024:0224-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0224-1 advisory. - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD =...

Ubuntu: Security Advisory (USN-6598-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6600-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

USN-6598-1: Paramiko vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

[SECURITY] [DLA 3719-1] phpseclib security update

Debian LTS Advisory DLA-3719-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3deb10u2 CVE ID : CVE-2023-48795 It was discovered that phpseclib, a PHP library for arbitrary-precision...

[SECURITY] [DLA 3718-1] php-phpseclib security update

Debian LTS Advisory DLA-3718-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 25, 2024 https://wiki.debian.org/LTS Package : php-phpseclib Version : 2.0.30-2deb10u2 CVE ID : CVE-2023-48795 It was discovered that php-phpseclib, a PHP library for...

RHEL 9 : openssh (RHSA-2024:0455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0455 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...