Lucene search
+L

315 matches found

OpenVAS
OpenVAS
added 2025/04/25 12:0 a.m.11 views

Erlang/OTP (Erlang OTP) Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - Windows

Erlang/OTP Erlang OTP is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

5.9CVSS6.2AI score0.93305EPSS
Exploits4References6
Citrix
Citrix
added 2025/04/08 12:0 a.m.9 views

SSH Prefix Truncation Vulnerability (Terrapin attack) on Citrix Applayering

SSH Prefix Truncation Vulnerability Terrapin attack on Citrix App Layering . Note: The Terrapin attack can reduce the security of SSH by using a downgrade attack via man-in-the-middle interception. The attack works by prefix truncation; the injection and deletion of messages during feature...

7.3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 3:39 p.m.12 views

Security Bulletin: Security Vulnerability in Apache MINA SSHD Affects IBM Sterling B2B Integrator (CVE-2024-41909)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability from Apache MINA SSHD Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION: Apache MINA SSHD could allow a remote attacker to bypass security restrictions. An attacker who can intercept traffic between the client and...

5.9CVSS7AI score0.00581EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2023-48795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...

5.9CVSS6.8AI score0.93305EPSS
Exploits4References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 12:37 p.m.13 views

Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]

Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/19 4:0 p.m.25 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)

Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS7.5AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/30 7:9 a.m.13 views

Security Bulletin: Vulnerability in OpenSSH affects watsonx.data

Summary The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks . This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain...

5.9CVSS7.1AI score0.93305EPSS
Exploits4Affected Software1
Debian
Debian
added 2024/11/29 8:56 p.m.90 views

[SECURITY] [DLA 3975-1] proftpd-dfsg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3975-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 29, 2024 https://wiki.debian.org/LTS -...

7.5CVSS7.5AI score0.93305EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2024/10/26 12:0 a.m.54 views

Fortinet FortiWeb OpenSSH Terrapin attack (CVE-2023-48795) (FG-IR-23-490)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-490 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS7.1AI score0.93305EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2024/10/17 12:0 a.m.28 views

Slackware: Security Advisory (SSA:2024-290-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.7AI score0.93305EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2024/10/03 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-7051-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.7AI score0.93305EPSS
Exploits4References2
Ubuntu
Ubuntu
added 2024/10/02 3:58 a.m.11 views

USN-7051-1: AsyncSSH vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

5.9CVSS7AI score0.93305EPSS
Exploits4
OSV
OSV
added 2024/10/02 3:58 a.m.5 views

USN-7051-1 python-asyncssh vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

5.9CVSS6.8AI score0.93305EPSS
Exploits4References2
Debian
Debian
added 2024/08/18 7:16 p.m.17 views

[SECURITY] [DSA 5750-1] python-asyncssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 18, 2024 https://www.debian.org/security/faq -...

5.9CVSS7AI score0.93305EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/08/18 12:0 a.m.23 views

Debian dsa-5750 : python-asyncssh-doc - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5750 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz...

5.9CVSS7AI score0.93305EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2024/08/16 1:11 a.m.21 views

CVE-2024-41909

A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security...

5.9CVSS5.8AI score0.00581EPSS
Exploits0References5
Veracode
Veracode
added 2024/08/13 5:36 a.m.17 views

Improper Validation Of Integrity Check Value

org.apache.sshd, sshd-common is vulnerable for Improper Validation Of Integrity Check Value. The vulnerability is due to the possibility of packet interception, where an attacker can intercept traffic between the client and server and drop certain packets from the stream, potentially downgrading ...

5.9CVSS7.2AI score0.00581EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2024/08/12 6:30 p.m.73 views

Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS6AI score0.00581EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/08/12 6:30 p.m.35 views

GHSA-2326-HX7G-3M9R Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

8.2CVSS6.6AI score0.00581EPSS
Exploits0References10
NVD
NVD
added 2024/08/12 4:15 p.m.71 views

CVE-2024-41909

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS0.00581EPSS
Exploits0References3
Rows per page
Query Builder