Fedora 38 : golang-x-crypto (2024-2705241461)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2705241461 advisory. Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 38 : golang-x-mod (2024-ae653fb07b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ae653fb07b advisory. Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora securi...

Fedora 39 : golang-x-mod (2024-fb32950d11)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fb32950d11 advisory. Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora securi...

Fedora: Security Advisory (FEDORA-2024-d946b9ad25)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for putty (FEDORA-2024-71c2c6526c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for libssh (FEDORA-2023-55800423a8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-7e301327c2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : golang-x-crypto (2024-7b08207cdb)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7b08207cdb advisory. Update golang-x-crypto to v0.18.0, fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security...

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it address...

K000138264: SSH vulnerability CVE-2023-48795

Security Advisory Description The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may...

Mageia: Security Advisory (MGASA-2024-0013)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

On December 18th, 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of security aspects of SSH connections. This occurs...

EulerOS 2.0 SP8 : openssh (EulerOS-SA-2023-3140)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an...

EulerOS Virtualization 2.9.0 : openssh (EulerOS-SA-2023-3102)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code...

EulerOS 2.0 SP10 : openssh (EulerOS-SA-2023-2792)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an...

Debian dsa-5599 : php-seclib - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5599 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such...

EulerOS Virtualization 2.11.0 : curl (EulerOS-SA-2023-2750)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...

EulerOS Virtualization 2.9.1 : openssh (EulerOS-SA-2023-3088)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2677)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously...

EulerOS Virtualization 2.11.0 : openssh (EulerOS-SA-2023-3074)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code...