KLA62771 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Wireshark • wnpa-sec-2023-28 SSH dissector crash Related products Wireshark CVE list CVE-2023-6174 high Solution Update to the latest version...

Wireshark 4.0.x < 4.0.11 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.11 advisory. - The SSH dissector could crash. It may be possible to make Wireshark crash or consume excessive CPU...

Wireshark 4.0.x < 4.0.11 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.0.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.11 advisory. - The SSH dissector could crash. It may be possible to make Wireshark crash or consume excessive CPU resources b...

Rockwell Automation Stratix Cisco IOS and IOS XE Software AAA Login Denial of Service (CVE-2016-6393)

A vulnerability in the Authentication, Authorization, and Accounting AAA service for remote Secure Shell Host SSH connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an...

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

DEBIAN-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

PYSEC-2023-239

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...

PYSEC-2023-237

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack...

CVE-2023-46446

CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

ALSA-2023:6943 Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2023-317-01)

The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-317-01 advisory. - A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the functio...

The vulnerability of the /api/upload component of the software platform zdir, which allows a perpetrator to execute arbitrary code.

The vulnerability of the /api/upload component in the zdir application exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created .ssh fil...

curl security update

7.76.1-26 - unify the upload/method handling CVE-2023-28322 - fix host name wildcard checking CVE-2023-28321 7.76.1-25 - adapt the fix of CVE-2023-27535 for RHEL 9 curl 7.76.1-24 - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use...

SUSE SLES15 Security Update : salt (SUSE-SU-2023:4390-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2023:4388-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4388-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has...

SUSE SLES15 Security Update : salt (SUSE-SU-2023:4389-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4389-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has...