[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:708723
paramiko: Python SSH2 library A protocol flaw was fixed in Paramiko.

oval:org.secpod.oval:def:89051386
This update for libssh fixes the following issues: Security fixes: * CVE-2023-6004: Fixed command injection using proxycommand * CVE-2023-48795: Fixed potential downgrade attack using strict kex * CVE-2023-6918: Fixed missing checks for return values of MD functions * CVE-2023-1667: Fixed NULL de ...

oval:org.secpod.oval:def:509043
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ...

oval:org.secpod.oval:def:509120
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...

oval:org.secpod.oval:def:96806
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:98668
filezilla: Full-featured graphical FTP/FTPS/SFTP client FileZilla could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:126908
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...

oval:org.secpod.oval:def:19500545
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...

oval:org.secpod.oval:def:126959
podman is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands c ...

oval:org.secpod.oval:def:98311
The host is installed with Apple Mac OS 14 before 14.4 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, multiple issues in openssh.

oval:org.secpod.oval:def:126954
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple ;virtual; FTP servers, anonymous FTP, and permission-based direc ...

oval:org.secpod.oval:def:99163
The host is installed with Oracle Database Server 19c, or 21c and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle handle vectors related to Oracle SQLcl and Grid Infrastructure (Apache Mina SSHD). Successful exploitation allows attackers to affec ...

oval:org.secpod.oval:def:96099
The host is installed with Apache SSHD through 2.11.0, PuTTY before 0.80, WinSCP before 6.2.2, SecureCRT before 9.4.3, FileZilla before 3.66.4, OpenSSH before 9.6, Oracle Database Server 19c, or 21c and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to ...

oval:org.secpod.oval:def:126950
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines.

oval:org.secpod.oval:def:126952
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple ;virtual; FTP servers, anonymous FTP, and permission-based direc ...

oval:org.secpod.oval:def:127008
This packages holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves.

oval:org.secpod.oval:def:126953
Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more.

oval:org.secpod.oval:def:89051452
This update for cosign fixes the following issues: Updated to 2.2.3 : Bug Fixes: * Fix race condition on verification with multiple signatures attached to image * fix: Fix clean cmd for private registries * Fixed BYO PKI verification Features: * Allow for option in cosign attest and attest-blob t ...

oval:org.secpod.oval:def:708677
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:127011
This packages holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves.

oval:org.secpod.oval:def:708711
filezilla: Full-featured graphical FTP/FTPS/SFTP client FileZilla could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:97869
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:89051455
This update for rekor fixes the following issues: update to 1.3.5 : * Additional unique index correction * Remove timestamp from checkpoint * Drop conditional when verifying entry checkpoint * Fix panic for DSSE canonicalization * Change Redis value for locking mechanism * give log timestamps nanose ...

oval:org.secpod.oval:def:3302217
Security update for tinyssh

oval:org.secpod.oval:def:3302216
Security update for libssh2_org

oval:org.secpod.oval:def:708676
libssh: A tiny C SSH library A security issue was fixed in libssh.

oval:org.secpod.oval:def:89051497
This update for libssh fixes the following issues: Update to version 0.9.8 : * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ...

oval:org.secpod.oval:def:98679
paramiko: Python SSH2 library A protocol flaw was fixed in Paramiko.

oval:org.secpod.oval:def:97868
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:19500550
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommend customers update ...

oval:org.secpod.oval:def:89051294
This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity .

oval:org.secpod.oval:def:89051492
This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict- c-v00 at openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ...

oval:org.secpod.oval:def:97870
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:1507320
[7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement quot;strict key exchangequot; [CVE-2023-48795][Orabug: 36160445]

oval:org.secpod.oval:def:127016
Go supplementary cryptography libraries.

oval:org.secpod.oval:def:2108508
Oracle Solaris 11 - ( CVE-2023-48795 )

oval:org.secpod.oval:def:89051405
This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: * Version 31: * New Features: * Added maven-checkstyle-plugin to pluginManagement * Improvements: * Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins * Using an S ...

oval:org.secpod.oval:def:89051326
This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity .

oval:org.secpod.oval:def:127019
Go supplementary cryptography libraries.

oval:org.secpod.oval:def:89051329
This update for python-paramiko fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack . * Update to 3.4.0.

oval:org.secpod.oval:def:3302188
Security update for python-paramiko

oval:org.secpod.oval:def:3302221
Security update for proftpd

oval:org.secpod.oval:def:3302408
Security update for libssh2_org

oval:org.secpod.oval:def:89051484
This update for libssh fixes the following issues: Update to version 0.9.8 : * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ...

oval:org.secpod.oval:def:708701
libssh2: Client-side C library implementing the SSH2 protocol libssh2 could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:89051287
This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity .

oval:org.secpod.oval:def:96506
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:89051284
This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity .

oval:org.secpod.oval:def:127021
podman is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands c ...

oval:org.secpod.oval:def:89051444
This update for bouncycastle, jsch fixes the following issues: * Updated jsch to version 0.2.15: * CVE-2023-48795: Fixed a prefix truncation issue that could lead to disclosure of sensitive information . * Updated bouncycastle to version 1.77.

oval:org.secpod.oval:def:89051401
This update for erlang fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack

oval:org.secpod.oval:def:3302207
Security update for apache-parent, apache-sshd

oval:org.secpod.oval:def:612881
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:96944
Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks fo ...

oval:org.secpod.oval:def:89051280
This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity . the following non-security bug was fixed: * Fix the "no route to host" error when connecting via ProxyJump

oval:org.secpod.oval:def:96941
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:1507378
[1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33

oval:org.secpod.oval:def:2501321
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

oval:org.secpod.oval:def:612884
Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks fo ...

oval:org.secpod.oval:def:126978
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...

oval:org.secpod.oval:def:612928
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:612929
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:127075
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information.

oval:org.secpod.oval:def:3302238
Security update for putty

oval:org.secpod.oval:def:2600520
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Docke ...

oval:org.secpod.oval:def:127073
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information.

oval:org.secpod.oval:def:89051278
This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity .

oval:org.secpod.oval:def:96797
libssh: A tiny C SSH library A security issue was fixed in libssh.

oval:org.secpod.oval:def:1601867
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...

oval:org.secpod.oval:def:612930
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the Terrapin attack. This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messa ...

oval:org.secpod.oval:def:126948
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines.

oval:org.secpod.oval:def:126987
Putty is a SSH, Telnet Rlogin client - this time for Linux.

oval:org.secpod.oval:def:4501526
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: * ssh: Prefix truncation attack on Binary Packet Protocol For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other relat ...

oval:org.secpod.oval:def:1507309
[0.9.6-13] - Client and Server side mitigations - Strip extensions from both kex lists for matching - tests: Adjust calculation to strict kex

oval:org.secpod.oval:def:126983
Putty is a SSH, Telnet Rlogin client - this time for Linux.

oval:org.secpod.oval:def:89051501
This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict- c-v00 at openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ...

oval:org.secpod.oval:def:126986
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:1701991
AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH to fix this issue, which needs to be supported by both the client and server. We recommend customers update to the latest ...

oval:org.secpod.oval:def:509124
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol openssh: potential command injection via ...

oval:org.secpod.oval:def:126991
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:96939
Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUse ...

oval:org.secpod.oval:def:612879
Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUse ...

oval:org.secpod.oval:def:1507329
[8.0p1-19.0.1.2] - Update patches for CVE-2023-51385, CVE-2023-48795 [Orabug: 36256632] [8.0p1-19.2] - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 - Fix Terrapin attack Resolves: CVE-2023-48795

oval:org.secpod.oval:def:1507374
[8.7p1-34.3] - Fix Terrapin attack Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname Resolves: RHEL-19822

oval:org.secpod.oval:def:127033
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:98536
The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client

oval:org.secpod.oval:def:509034
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: ssh: Prefix truncation attack on Binary Packet Protocol openssh: potential command injection via ...

oval:org.secpod.oval:def:2501316
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

oval:org.secpod.oval:def:2600519
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

oval:org.secpod.oval:def:98308
The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues in various components. Successful exploitation allow attackers to execute arbitrary, cause denial ...

CWE    1
CWE-354
*CVE
CVE-2023-48795

© SecPod Technologies