14823 matches found
CVE-2024-29960
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CVE-2024-29960 Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CVE-2024-29960
CVE-2024-29960 involves Brocade SANnav: in SANnav VMs based on the official OVA images, SSH keys are identical in every installation for versions before 2.3.1 and 2.3.0a, enabling MITM on SSH. This allows an attacker to decrypt and compromise SSH traffic to the SANnav appliance. The issue is tied...
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2024-1552)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
[SECURITY] Fedora 39 Update: filezilla-3.67.0-1.fc39
FileZilla is an FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP) - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...
Fedora 39 : filezilla / libfilezilla (2024-8401d42de6)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8401d42de6 advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Oracle Database Server (Apr 2024 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the RDBMS Python component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitab...
CVE-2024-29951
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
CVE-2024-29951 Brocade SANnav has weak encryption in internal SSH ports
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection...
CVE-2024-29951
Brocade SANnav has CVE-2024-29951: before v2.3.1 and v2.3.0a, internal SSH ports use SHA-1 hashing, though these ports are not exposed to remote connections. The issue represents weak cryptography in internal SSH handling. Affected versions should be upgraded to SANnav 2.3.1 or later to remediate...
CVE-2024-29950
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...
CVE-2024-29950
CVE-2024-29950 affects Brocade SANnav prior to 2.3.1 and 2.3.0a. The FileTransfer class uses the ssh-rsa signature scheme with SHA-1, enabling a remote, unauthenticated attacker to potentially perform a man-in-the-middle attack. Public disclosures from NVD, Red Hat, and Broadcom/Brocade advisorie...
Biased ECDSA Nonce Generation
PuTTY is vulnerable to biased ECDSA nonce generation. The vulnerability is due to biased ECDSA nonce generation, allowing an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is particularly significant in scenarios where an adversary can re...