Fedora 40 : gh (2024-48aa5f1dae)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-48aa5f1dae advisory. Automatic update for gh-2.41.0-1.fc40. Changelog Mon Jan 8 2024 Mikel Olasagasti Uranga - 2.41.0-1 - Update to 2.41.0 - Closes rhbz2257273 rhbz2255084 Tenabl...

Amazon Linux AMI : xorg-x11-server (ALAS-2024-1932)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1932 advisory. Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.htmlNOTE:...

Fedora 40 : filezilla / libfilezilla (2024-ff9a2fb31c)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff9a2fb31c advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...

Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. Automatic update for golang-x-crypto-0.18.0-1.fc40. Changelog Tue Jan 9 2024 Mark E. Fuller - 0.18.0-1 - update to v0.18.0, close rhbz2255095 - CVE-2023-4879...

Fedora 40 : chisel (2023-b29031a7aa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...

RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6527 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Denial Of Service (DoS)

putty is vulnerable to Denial Of Service DoS. The vulnerability is due to remote SSH-1 servers accessing freed memory locations via an SSH1MSGDISCONNECT message in PuTTY, allows remote SSH-1 servers to trigger a denial of service condition...

AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

AZL-40264 CVE-2024-32884 affecting package rust for versions less than 1.72.0-8

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884

The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

[SECURITY] Fedora 39 Update: putty-0.81-1.fc39

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

[SECURITY] Fedora 38 Update: putty-0.81-1.fc38

Putty is a SSH, Telnet & Rlogin client - this time for Linux...

PYSEC-2024-232

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

CentOS 9 : openssh-8.7p1-38.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-38.el9 build changelog. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

Fedora 39 : putty (2024-cba85cc558)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cba85cc558 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

[SECURITY] [DLA 3794-1] putty security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3794-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès April 25, 2024 https://wiki.debian.org/LTS -...