Fedora: Security Advisory for curl (FEDORA-2023-2884ba1528)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux: BSI TR-02102-4 3.3 Key Exchange Methods

When establishing the SSH connection, keys are exchanged in order to create and exchange shared session keys for authentication and encryption. The following key exchange methods are recommended: diffie-hellman-group-exchange-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512,...

Fedora 38 : curl (2023-0de03a9232)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0de03a9232 advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix HSTS double-free CVE-2023-27537 - fix GSS delegation too eager connection re-use...

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

Cross site scripting

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

CVE-2022-48428

JetBrains TeamCity CVE-2022-48428: vulnerable before 2022.10.3 due to stored XSS on the SSH keys page. Root cause: stored scriptable content on the SSH keys settings, enabling attacker‑supplied JavaScript in affected instances. Affected software: JetBrains TeamCity (versions prior to 2022.10.3). ...

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

SUSE-SU-2023:1582-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. - CVE-2023-27534: Fixed SFTP path resolving discrepancy bsc1209210. - CVE-2023-27535: Fixed FTP too eager connection reuse bsc1209211. - CVE-2023-27536: Fixed GSS delegation too eager...

GitHub accidentally exposes RSA SSH key

Late last week, GitHub tweeted that it had replaced its RSA SSH "out of an abundance of caution," after accidentally exposing the key on a publicly accessible repository. How the accidental exposure managed to happen is unknown, but it means that anyone that happened to notice it and was able to...

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

CVE-2023-0494

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

Siemens SCALANCE and RUGGEDCOM Devices SSH Improper Restriction of Excessive Authentication Attempts (CVE-2021-25676)

A vulnerability has been identified in RUGGEDCOM RM1224 V6.3, SCALANCE M-800 V6.3, SCALANCE S615 V6.3, SCALANCE SC-600 All Versions = V2.1 and = V2.1 and V2.1.3. Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the...

Fedora 37 : curl (2023-2884ba1528)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2884ba1528 advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix HSTS double-free CVE-2023-27537 - fix GSS delegation too eager connection re-use...

openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1570-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:1570-1 advisory. - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364. Tenable has extracted the preceding description block directly from the SUSE security...

SUSE-SU-2023:1570-1 Security update for libgit2

This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364...

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to...

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to...