oval:org.secpod.oval:def:708723 paramiko: Python SSH2 library. A protocol flaw was fixed in Paramiko.
oval:org.secpod.oval:def:89051386 This update for libssh fixes the following issues: Security fixes: * CVE-2023-6004: Fixed command injection using proxycommand * CVE-2023-48795: Fixed potential downgrade attack using strict kex * CVE-2023-6918: Fixed missing checks for return values of MD functions * CVE-2023-1667: Fixed NULL de ...
oval:org.secpod.oval:def:509043 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ...
oval:org.secpod.oval:def:509120 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...
oval:org.secpod.oval:def:96806 openssh: secure shell for secure access to remote machines. Several security issues were fixed in OpenSSH.
oval:org.secpod.oval:def:98668 filezilla: Full-featured graphical FTP/FTPS/SFTP client. FileZilla could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:126908 The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...
oval:org.secpod.oval:def:19500545 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...
oval:org.secpod.oval:def:126959 podman is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands c ...
oval:org.secpod.oval:def:98311 The host is installed with Apple Mac OS 14 before 14.4 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, multiple issues in openssh.
oval:org.secpod.oval:def:126954 ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple "virtual" FTP servers, anonymous FTP, and permission-based direc ...
oval:org.secpod.oval:def:99163 The host is installed with Oracle Database Server 19c, or 21c and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Oracle SQLcl and Grid Infrastructure (Apache Mina SSHD). Successful exploitation allows attackers to affec ...
oval:org.secpod.oval:def:96099 The host is installed with Apache SSHD through 2.11.0, PuTTY before 0.80, WinSCP before 6.2.2, SecureCRT before 9.4.3, FileZilla before 3.66.4, OpenSSH before 9.6, Oracle Database Server 19c, or 21c and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to ...
oval:org.secpod.oval:def:126950 podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines.
oval:org.secpod.oval:def:126952 ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple "virtual" FTP servers, anonymous FTP, and permission-based direc ...
oval:org.secpod.oval:def:127008 This package holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves.
oval:org.secpod.oval:def:126953 Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more.
oval:org.secpod.oval:def:89051452 This update for cosign fixes the following issues: Updated to 2.2.3: Bug Fixes: * Fix race condition on verification with multiple signatures attached to image * fix: Fix clean cmd for private registries * Fixed BYO PKI verification Features: * Allow for option in cosign attest and attest-blob t ...
oval:org.secpod.oval:def:708677 openssh: secure shell for secure access to remote machines. Several security issues were fixed in OpenSSH.
oval:org.secpod.oval:def:127011 This package holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves.
oval:org.secpod.oval:def:708711 filezilla: Full-featured graphical FTP/FTPS/SFTP client. FileZilla could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:97869 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:89051455 This update for rekor fixes the following issues: update to 1.3.5: * Additional unique index correction * Remove timestamp from checkpoint * Drop conditional when verifying entry checkpoint * Fix panic for DSSE canonicalization * Change Redis value for locking mechanism * give log timestamps nanose ...
oval:org.secpod.oval:def:3302217 Security update for tinyssh
oval:org.secpod.oval:def:3302216 Security update for libssh2_org
oval:org.secpod.oval:def:708676 libssh: A tiny C SSH library. A security issue was fixed in libssh.
oval:org.secpod.oval:def:89051497 This update for libssh fixes the following issues: Update to version 0.9.8: * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ...
oval:org.secpod.oval:def:98679 paramiko: Python SSH2 library. A protocol flaw was fixed in Paramiko.
oval:org.secpod.oval:def:97868 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:19500550 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update ...
oval:org.secpod.oval:def:89051294 This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
oval:org.secpod.oval:def:89051492 This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ...
oval:org.secpod.oval:def:97870 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:1507320 [7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement "strict key exchange" [CVE-2023-48795][Orabug: 36160445]
oval:org.secpod.oval:def:127016 Go supplementary cryptography libraries.
oval:org.secpod.oval:def:2108508 Oracle Solaris 11 - ( CVE-2023-48795 )
oval:org.secpod.oval:def:89051405 This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: * Version 31: * New Features: * Added maven-checkstyle-plugin to pluginManagement * Improvements: * Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins * Using an S ...
oval:org.secpod.oval:def:89051326 This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
oval:org.secpod.oval:def:127019 Go supplementary cryptography libraries.
oval:org.secpod.oval:def:89051329 This update for python-paramiko fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack. * Update to 3.4.0.
oval:org.secpod.oval:def:3302188 Security update for python-paramiko
oval:org.secpod.oval:def:3302221 Security update for proftpd
oval:org.secpod.oval:def:3302408 Security update for libssh2_org
oval:org.secpod.oval:def:89051484 This update for libssh fixes the following issues: Update to version 0.9.8: * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ...
oval:org.secpod.oval:def:708701 libssh2: Client-side C library implementing the SSH2 protocol. libssh2 could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:89051287 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
oval:org.secpod.oval:def:96506 openssh: secure shell for secure access to remote machines. Several security issues were fixed in OpenSSH.
oval:org.secpod.oval:def:89051284 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
oval:org.secpod.oval:def:127021 podman is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands c ...
oval:org.secpod.oval:def:89051444 This update for bouncycastle, jsch fixes the following issues: * Updated jsch to version 0.2.15: * CVE-2023-48795: Fixed a prefix truncation issue that could lead to disclosure of sensitive information. * Updated bouncycastle to version 1.77.
oval:org.secpod.oval:def:89051401 This update for erlang fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack
oval:org.secpod.oval:def:3302207 Security update for apache-parent, apache-sshd
oval:org.secpod.oval:def:612881 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:96944 Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks fo ...
oval:org.secpod.oval:def:89051280 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity. The following non-security bug was fixed: * Fix the "no route to host" error when connecting via ProxyJump
oval:org.secpod.oval:def:96941 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:1507378 [1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33
oval:org.secpod.oval:def:2501321 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
oval:org.secpod.oval:def:612884 Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks fo ...
oval:org.secpod.oval:def:126978 The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...
oval:org.secpod.oval:def:612928 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:612929 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:127075 Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information.
oval:org.secpod.oval:def:3302238 Security update for putty
oval:org.secpod.oval:def:2600520 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...
oval:org.secpod.oval:def:127073 Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information.
oval:org.secpod.oval:def:89051278 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
oval:org.secpod.oval:def:96797 libssh: A tiny C SSH library. A security issue was fixed in libssh.
oval:org.secpod.oval:def:1601867 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...
oval:org.secpod.oval:def:612930 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...
oval:org.secpod.oval:def:126948 podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines.
oval:org.secpod.oval:def:126987 Putty is a SSH, Telnet Rlogin client - this time for Linux.
oval:org.secpod.oval:def:4501526 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: * ssh: Prefix truncation attack on Binary Packet Protocol For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ...
oval:org.secpod.oval:def:1507309 [0.9.6-13] - Client and Server side mitigations - Strip extensions from both kex lists for matching - tests: Adjust calculation to strict kex
oval:org.secpod.oval:def:126983 Putty is a SSH, Telnet Rlogin client - this time for Linux.
oval:org.secpod.oval:def:89051501 This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ...
oval:org.secpod.oval:def:126986 Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...
oval:org.secpod.oval:def:1701991 AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...
oval:org.secpod.oval:def:509124 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol openssh: potential command injection via ...
oval:org.secpod.oval:def:126991 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...
oval:org.secpod.oval:def:96939 Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUse ...
oval:org.secpod.oval:def:612879 Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUse ...
oval:org.secpod.oval:def:1507329 [8.0p1-19.0.1.2] - Update patches for CVE-2023-51385, CVE-2023-48795 [Orabug: 36256632] [8.0p1-19.2] - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 - Fix Terrapin attack Resolves: CVE-2023-48795
oval:org.secpod.oval:def:1507374 [8.7p1-34.3] - Fix Terrapin attack Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname Resolves: RHEL-19822
oval:org.secpod.oval:def:127033 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...
oval:org.secpod.oval:def:98536 The host is missing a patch containing security fixes, which affects the following package(s): openssh.base.server and openssh.base.client
oval:org.secpod.oval:def:509034 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol openssh: potential command injection via ...
oval:org.secpod.oval:def:2501316 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
oval:org.secpod.oval:def:2600519 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
oval:org.secpod.oval:def:98308 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues in various components. Successful exploitation allow attackers to execute arbitrary, cause denial ...