Fedora 39 : podman-tui (2023-20feb865d8)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-20feb865d8 advisory. release v0.15.0 includes security fix for CVE-2023-48795 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat...
NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2023-0071)
The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...
Fedora: Security Advisory (FEDORA-2023-7141950083)
The remote host is missing an update for the...
GLSA-202312-16 : libssh: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...
GLSA-202312-17 : OpenSSH: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-17 OpenSSH: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets ar...
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security. Note that this plugin only checks for remote SSH servers that support...
[SECURITY] [DLA 3694-1] openssh security update
Debian LTS Advisory DLA-3694-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón December 25, 2023 https://wiki.debian.org/LTS Package : openssh Version : 1:7.9p1-10+deb10u4 CVE ID : CVE-2021-41617 CVE-2023-48795 CVE-2023-51385 Debian Bug : 995130 Several...
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2
...
CVE-2023-40236
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...
Authentication flaw
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...
CVE-2023-40236
CVE-2023-40236 affects the Pexip VMR self-service portal prior to version 3. The issue is that the same SSH host key is reused across different customer installations, enabling authentication bypass. Affected component: Pexip VMR self-service portal; root cause: shared SSH host key across install...
PT-2023-27343 · Pexip · Pexip Vmr
Name of the Vulnerable Software and Affected Versions: Pexip VMR self-service portal versions prior to 3 Description: The issue allows authentication bypass due to the use of the same SSH host key across different customers' installations. Recommendations: For versions prior to 3, update to versi...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 (6.0.1-76)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, object storage, alerts and monitoring. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...
Debian: Security Advisory (DSA-5586-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-5588-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5588-1] putty security update
Debian Security Advisory DSA-5588-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2023 https://www.debian.org/security/faq -...
Debian DSA-5588-1 : putty - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5588 advisory. - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an...