OpenSSH < 9.3 Multiple Vulnerabilities
The version of OpenSSH installed on the remote host is prior to 9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.3 advisory. - ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9,...
CVE-2023-28436
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
Design/Logic Flaw
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...
GHSA-VFGQ-G5X8-G595 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Tailscale is software for using WireGuard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2023-28436
CVE-2023-28436 affects Tailscale SSH on FreeBSD prior to 1.38.2. A difference in FreeBSD’s setgroups behavior caused the tailscaled egid to be used instead of the user’s, permitting some commands to run with a higher privilege group ID than allowed by Tailscale SSH access rules, under specific co...
PT-2023-21719 · Tailscale · Tailscale
Name of the Vulnerable Software and Affected Versions: Tailscale versions 1.34.0 through 1.38.2 Description: A vulnerability in the implementation of Tailscale SSH on FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. This issue...
RHEL 8 : nss (RHSA-2023:1436)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1436 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
FreeBSD : curl -- multiple vulnerabilities (0d7d104c-c6fb-11ed-8a4b-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0d7d104c-c6fb-11ed-8a4b-080027f5fec9 advisory. - The vulnerability exists due to missing documentation of the TELNET protocol support and the...
FreeBSD : tailscale -- security vulnerability in Tailscale SSH (1b15a554-c981-11ed-bb39-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b15a554-c981-11ed-bb39-901b0e9408dc advisory. - Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD...
ShellBot DDoS Malware Targets Linux SSH Servers
By Deeba Ahmed. As per a report from AhnLab Security Emergency Response Center (ASEC), poorly managed Linux SSH servers are becoming… This is a post from HackRead.com. Read the original post: ShellBot DDoS Malware Targets Linux SSH Servers...
tailscale -- security vulnerability in Tailscale SSH
Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules...
SUSE-SU-2023:0865-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager...
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check
Vulnerability description not provided...
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...