CVE-2023-49222
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root privileges...
CVE-2023-49224
CVE-2023-49224 affects Precor touchscreen consoles P62, P80, and P82. The issue is the presence of a default SSH public key in the authorized_keys file, which could allow a remote attacker to gain root privileges. Public disclosures from multiple sources confirm the vulnerability and its impact a...
CVE-2023-49222
The CVE-2023-49222 issue affects the Precor touchscreen console P82, where a private SSH key is included that corresponds to a default public key. This configuration could allow a remote attacker to gain root privileges, per multiple sources (NVD/Red Hat/CNNVD). The core details describe the vuln...
Fedora: Security Advisory for rust-docopt (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the rust-docopt package (FEDORA-2024-40ee18b2e7). Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Fedora: Security Advisory for rust-ssh-key-dir (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the rust-ssh-key-dir package (FEDORA-2024-40ee18b2e7). Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Fedora: Security Advisory for rust-uu_tee (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the rust-uu_tee package (FEDORA-2024-40ee18b2e7). Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Arbitrary file deletion in litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package
Summary: Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
GO-2024-2836 sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy
sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy...
RHEL 6 : cloud-init (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896) Note that Nessus has not tested...
RHEL 6 : bzr (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - bzr: does not strip bzr+ssh SSH options (CVE-2017-14176) Note that Nessus has not tested for this issue but has inste...
RHEL 6 : libssh2 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libssh2: Using SSH_MSG_KEXINIT data unbounded (CVE-2015-1782) Note that Nessus has not tested for this issue but has...
RHEL 6 : cvs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cvs: Command injection via malicious ssh URLs (CVE-2017-12836) Note that Nessus has not tested for this issue but has...
RHEL 5 : subversion (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs (CVE-2017-9800) - Svnserve in Apac...
RHEL 6 : openstack-keystone (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-keystone: Improper check of tampered revoked PKI/PKIZ token (CVE-2015-7546) Note that Nessus has not test...
RHEL 8 : libssh2 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - I...