Incorrect Authorization

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially droppin...

CVE-2022-28384

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part...

SUSE-SU-2023:2256-1 Security update for runc

This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...

SUSE-SU-2023:2179-1 Security update for helm

This update of helm fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...

SUSE-SU-2023:2174-1 Security update for container-suseconnect

This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...

PT-2023-36162 · Conmon · Conmon

Name of the Vulnerable Software and Affected Versions: conmon affected versions not specified Description: The issue is related to the conmon package, which has been rebuilt with the go 19.9 secure release to address a security concern. Recommendations: At the moment, there is no information abou...

SUSE-SU-2023:2137-1 Security update for runc

This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...

SUSE-SU-2023:2136-1 Security update for prometheus-ha_cluster_exporter

This update of prometheus-haclusterexporter fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...

PT-2023-36161 · Amazon · Amazon-Ssm-Agent

Name of the Vulnerable Software and Affected Versions: amazon-ssm-agent affected versions not specified Description: The issue is related to a security concern that has been addressed by rebuilding the package with the go 19.9 secure release. Recommendations: At the moment, there is no informatio...

CVE-2022-28386

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout e.g., requiring a reformat of the drive after 20 failed unlock attempts does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number...

CVE-2022-28383

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive e.g., by leveraging physical access during the supply chain. This code is then...

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

PT-2022-18991 · Verbatim · Verbatim Fingerprint Secure Portable Hard Drive +3

Name of the Vulnerable Software and Affected Versions: Verbatim Keypad Secure USB 3.2 Gen 1 Drive versions through 2022-03-31 Verbatim Store 'n' Go Secure Portable HDD GD25LK01-3637-C versions through VER4.0 Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C versions through VER1.1...

DEBIAN-CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

Buffer overflow

Buffer overflow in the Configuration Checker ConfigChk ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method...

CVE-2007-1083

The CVE-2007-1083 issue affects the VeriSign Configuration Checker ActiveX control (VSCnfChk.dll, version 2.0.0.2) used in VeriSign PKI products. The Nessus entry confirms a stack/buffer overflow in VerCompare() that can allow remote code execution when a user is tricked into loading a crafted we...