PT-2024-17981 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 Description: A command injection...

PT-2024-17967 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the...

libssh security update

An update is available for libssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

openssh security update

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

K000138577: Python-asyncssh vulnerability CVE-2023-46446

Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...

Fedora: Security Advisory for openssh (FEDORA-2024-2aac54ebb7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ROS-20240212-01

A vulnerability in the PKCS11 function of the ssh-agent component of the OpenSSH cryptographic security tool is related to the following the use of an insecure search path. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute...

Rocky Linux 8 : tigervnc (RLSA-2024:0607)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0607 advisory. - A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can...

Fedora 38 : wireshark (2024-fdc7dfb959)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fdc7dfb959 advisory. New version 4.0.12. Includes fixes for CVE-2023-5371, CVE-2023-6174, CVE-2023-6175, CVE-2024-0208. Tenable has extracted the preceding description...

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

MGASA-2024-0034 Updated filezilla packages fix a security vulnerability ("Terrapin attack")

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Thi...

AlmaLinux 9 : gimp (ALSA-2024:0675)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0675 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...

Fedora 39 : wireshark (2024-b72131479b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b72131479b advisory. New version 4.0.12. Includes fixes for CVE-2023-5371, CVE-2023-6174, CVE-2023-6175, CVE-2024-0208. Tenable has extracted the preceding description...

Design/Logic Flaw

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2024-0229 Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2024-0229 Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...