CVE-2024-21886

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

CVE-2024-21885 Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

CVE-2024-21885 Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

CVE-2024-21885

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

CVE-2024-21885

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control. This allows a malicious individual to alter the headers of deployment keys.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in SSH key management during automated deployment scenarios. Exploiting this vulnerability could allow a malicious actor to modify the headers of deployment private keys...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update

Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 10.15.0 security update

The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this updat...

MikroTik RouterOS Uncontrolled Resource Consumption (CVE-2020-20021)

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

MikroTik RouterOS Allocation of Resources Without Limits or Throttling (CVE-2020-10364)

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. This plugin only works with Tenable.ot. Plea...

RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...

RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

btrbk: Remote Code Execution

Background btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below...

K000138682: libssh vulnerability CVE-2023-2283

Security Advisory Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The...

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig...

SUSE: Security Advisory (SUSE-SU-2024:0539-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : libssh2_org (SUSE-SU-2024:0543-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0543-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh2_org (SUSE-SU-2024:0558-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0558-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

Bitvise SSH Server Detection Consolidation

Consolidation of Bitvise SSH Server detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...