14829 matches found
GHSA-P69R-V3H4-RJ4F Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vm62-9jw3-c8w3. This link is maintained to preserve external references. Original Description The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote co...
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...
Exploit for Race Condition in Openbsd Openssh
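0. TL;DR This is essentially a statistical vulnerability: a large number of attempts are needed to win the race condition and successfully execute arbitrary code, and an attacker has to overcome many obstacles,” Schwa...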
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...
CVE-2024-39930
CVE-2024-39930 affects the built-in SSH server in Gogs up to version 0.13.0, where argument injection in internal/ssh/ssh.go can lead to remote code execution when an authenticated user opens an SSH session and sends a malicious --split-string env request (Windows builds are unaffected). Public d...
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...
Missing key verification in gost
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
GHSA-8WXX-35QC-VP6R Missing key verification in gost
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
Information on OpenSSH "regreSSHion" Vulnerability
...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387
CVE-2024-39223
CVE-2024-39223 affects gost v2.11.5, where the SSH service can be compromised via an authentication bypass by configuring the HostKeyCallback to ssh.InsecureIgnoreHostKey. The Red Hat advisory reiterates the vulnerability description and references the same affected version, noting an authenticat...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Possible remote code execution due to a race condition in signal handling...
PT-2024-28396 · Gost +1
Name of the Vulnerable Software and Affected Versions: gost version 2.11.5 Description: An authentication bypass in the SSH service allows attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey. This issue is related to missing key verification ...
CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...