Download
| Alert*
oval:org.secpod.oval:def:93239
openssh: secure shell for secure access to remote machines OpenSSH could be made to run programs as your login when using ssh-agent forwarding. oval:org.secpod.oval:def:4501443 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:507882 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:1601778 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system . Exploitation can also be prevented by starting ssh-agent with an empty PKCS#11/FIDO ... oval:org.secpod.oval:def:91230 The host is installed with OpenSSH before 9.3.2 and is prone to a remote code execution vulnerability. A flaw is present in application, which fails to handle PKCS#11 feature. Successful exploitation could lead to remote code execution if an agent is forwarded to an attacker-controlled system. oval:org.secpod.oval:def:507884 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:2501144 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. oval:org.secpod.oval:def:1701504 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system . Exploitation can also be prevented by starting ssh-agent with an empty PKCS#11/FIDO ... oval:org.secpod.oval:def:92829 The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client oval:org.secpod.oval:def:125941 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:708315 openssh: secure shell for secure access to remote machines OpenSSH could be made to run programs as your login when using ssh-agent forwarding. oval:org.secpod.oval:def:2600301 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. oval:org.secpod.oval:def:96179 The host is installed with Apple Mac OS before 14.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in OpenSSH to 9.3p2. On successful exploitation, a vulnerability was discovered in OpenSSHs remote forwarding. oval:org.secpod.oval:def:507875 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:97741 [CLSA-2023:1691576939] openssh: Fix of CVE-2023-38408 oval:org.secpod.oval:def:19500328 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system . Exploitation can also be prevented by starting ssh-agent with an empty PKCS#11/FIDO ... oval:org.secpod.oval:def:507876 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security ... oval:org.secpod.oval:def:125959 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:206049 Security Fix: openssh: Remote code execution in ssh-agent PKCS#11 support For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:89049138 This update for openssh fixes the following issue: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agent ... oval:org.secpod.oval:def:1506858 [8.7p1-30] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408 oval:org.secpod.oval:def:89049137 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:1506837 [7.4p1-23.0.1] - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation [Orabug: 30448895] [7.4p1-23 + 0.10.3-2] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408 oval:org.secpod.oval:def:89049136 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:1506838 [8.0p1-19] - Release bump [8.0p1-18] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408 oval:org.secpod.oval:def:89049135 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:89049134 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh- agent"s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim"s system and if the agen ... oval:org.secpod.oval:def:1507184 [5.3p1-124.0.2] - Fix for CVE-2016-6210 incomplete fix [Orabug: 29375502][CVE-2016-6210] [5.3p1-124.0.1] - Fix for CVE-2023-38408 [Orabug: 35672523] oval:org.secpod.oval:def:2108453 Oracle Solaris 11 - ( CVE-2023-38408 ) oval:org.secpod.oval:def:93503 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... |