14865 matches found

Tenable Nessus
added 2023/01/28 12:0 a.m. | 41 views

Debian dla-3288 : curl - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3288 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3288-1 [email protected]...

CVSS 9.8 | AI score 7.1 | EPSS 0.04325
Exploits: 5 | References: 12

OpenVAS
added 2023/01/27 12:0 a.m. | 21 views

Ubuntu: Security Advisory (USN-5148-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 5.7 | EPSS 0.01916
Exploits: 0 | References: 2

OpenVAS
added 2023/01/27 12:0 a.m. | 12 views

Ubuntu: Security Advisory (USN-5173-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 9.3 | EPSS 0.01981
Exploits: 0 | References: 2

OpenVAS
added 2023/01/27 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-3421-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.03965
Exploits: 0 | References: 2

OpenVAS
added 2023/01/27 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-4854-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.0178
Exploits: 0 | References: 2

OSV
added 2023/01/26 9:18 p.m. | 2 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 9.8 | AI score 7.3 | EPSS 0.01557
Exploits: 0 | References: 3

NVD
added 2023/01/26 9:18 p.m. | 11 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 10 | AI score 9.5 | EPSS 0.01557
Exploits: 0 | References: 3

Prion
added 2023/01/26 9:18 p.m. | 13 views

Hardcoded credentials

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 7.5 | AI score 9.3 | EPSS 0.01557
Exploits: 0 | References: 3 | Affected Software: 2

Talos
added 2023/01/26 12:0 a.m. | 87 views

Siretta QUARTZ-GOLD DetranCLI command parsing stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2022-1613 Siretta QUARTZ-GOLD DetranCLI command parsing stack-based buffer overflow vulnerabilities January 26, 2023 CVE Number...

CVSS 9.8 | AI score 9.4 | EPSS 0.02692
Exploits31

Veracode
added 2023/01/25 8:21 p.m. | 22 views

Improper Input Validation

libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, it does not perform certificate checking by default subjecting to a man-in-the-middle attack...

CVSS 5.9 | AI score 6 | EPSS 0.0058
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2023/01/25 7:36 p.m. | 37 views

GHSA-CQ4P-VP5Q-4522 Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 GHSA-g7j7-h4q8-8w2f, previously released by Rancher, missed addressing some sensitive fields, secret tokens...

CVSS 8.8 | AI score 9.2 | EPSS 0.00553
Exploits: 1 | References: 4

Github Security Blog
added 2023/01/25 7:36 p.m. | 65 views

Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 GHSA-g7j7-h4q8-8w2f, previously released by Rancher, missed addressing some sensitive fields, secret tokens...

CVSS 9.9 | AI score 9 | EPSS 0.00553
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2023/01/25 12:0 a.m. | 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.66 (SUSE-SU-2023:0132-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0132-1 advisory. - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies...

CVSS 5.9 | AI score 6.2 | EPSS 0.00649
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/25 12:0 a.m. | 40 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : PAM vulnerability (USN-5825-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5825-1 advisory. It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker cou...

CVSS 9.8 | AI score 8.5 | EPSS 0.01185
Exploits: 0 | References: 2

Tenable Nessus
added 2023/01/25 12:0 a.m. | 27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.65 (SUSE-SU-2023:0133-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0133-1 advisory. - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies...

CVSS 5.9 | AI score 6.2 | EPSS 0.00649
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/25 12:0 a.m. | 29 views

Amazon Linux 2022 : cargo, clippy, rust (ALAS2022-2023-278)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-278 advisory. Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit...

CVSS 5.9 | AI score 5.6 | EPSS 0.00649
Exploits: 0 | References: 3

OpenVAS
added 2023/01/25 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2023:0132-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 5.7 | EPSS 0.00649
Exploits: 0 | References: 2

OpenVAS
added 2023/01/25 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2023:0133-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 5.5 | EPSS 0.00649
Exploits: 0 | References: 4

Cvelist
added 2023/01/24 3:51 p.m. | 15 views

CVE-2023-24022 Hard Coded Credential Crypt Vulnerability

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

CVSS 10 | AI score 9.6 | EPSS 0.01557
Exploits: 0 | References: 3

CVE
added 2023/01/24 3:51 p.m. | 52 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware RTS/RTD 3.7.11.3 contain hardcoded credentials stored in the firmware and encrypted by the crypt function, allowing remote attackers to authenticate via SSH. This is documented across multiple sources (NVD/Red Hat/CNNV...

CVSS 10 | AI score 9.6 | EPSS 0.01557
Exploits: 0 | References: 3 | Affected Software: 2