Debian dla-3398 : curl - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3398 advisory. Debian LTS Advisory DLA-3398-1 [email protected]...
curl: Fix of CVE-2023-27534
CVE-2023-27534: fix SFTP path '~' resolving discrepancy - fix resolving SCP relative path...
Debian: Security Advisory (DLA-3398-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3398-1] curl security update
Debian LTS Advisory DLA-3398-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 21, 2023 https://wiki.debian.org/LTS Package : curl Version : 7.64.0-4+deb10u6 CVE ID : CVE-2023-27533 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 Several security vulnerabilitie...
Schneider Electric StruxureWare Data Center Expert Operating System Command Injection Vulnerability
Schneider Electric StruxureWare Data Center Expert is monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An operating system command injection...
Siemens SCALANCE X-200IRT Devices Inadequate Encryption Strength (CVE-2023-29054)
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
SUSE CVE-2023-1944
This vulnerability enables ssh access to minikube container using a default password...
PT-2023-9256
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.0 and earlier Description The built-in SSH server of Gogs allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending ...
Fedora: Security Advisory for openssh (FEDORA-2023-123647648e)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1909-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1909-1 advisory. - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364. Tenable has extracted the preceding description block directly from the...
CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27538)
The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27538 advisory. - An authentication bypass vulnerability exists in libcurl prior to v8.0.0...
Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this...
SUSE-SU-2023:1909-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364...
Fedora: Security Advisory for openssh (FEDORA-2023-1176c8b10c)
The remote host is missing an update for the...
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert V7.9.2 an...
[SECURITY] Fedora 37 Update: openssh-8.8p1-10.fc37
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
The vulnerability of SSH-agent's identification keys in the OpenSSH cryptographic protection mechanism allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of SSH-agent's identification keys in the OpenSSH encryption method is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0777, CVE-2016-0778)
Summary An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter. Vulnerability Details Summary An...