Lucene search
14866 matches found

Vulnrichment
added 2023/01/20 10:49 p.m. | 5 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS | 6.1 AI score | 0.0058 EPSS
Exploits 0 | References 7

CVE
added 2023/01/20 10:49 p.m. | 458 views

CVE-2023-22742

CVE-2023-22742 affects libgit2 when using SSH with the optional libssh2 backend. The issue is that certificate checking is not performed by default unless a certificate_check callback is explicitly configured in git_remote_callbacks, enabling potential MITM if server SSH keys are not validated. T...

5.9 CVSS | 5.6 AI score | 0.0058 EPSS
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2023/01/20 10:49 p.m. | 27 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS | 6.1 AI score | 0.0058 EPSS
Exploits 0 | References 7

Debian CVE
added 2023/01/20 10:49 p.m. | 27 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS | 5.4 AI score | 0.0058 EPSS
Exploits 0

OSV
added 2023/01/20 10:49 p.m. | 27 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS | 5.5 AI score | 0.0058 EPSS
Exploits 0 | References 9

AlpineLinux
added 2023/01/20 10:49 p.m. | 32 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS | 5.8 AI score | 0.0058 EPSS
Exploits 0

OSV
added 2023/01/20 12:0 p.m. | 29 views

RUSTSEC-2023-0003 git2 does not verify SSH keys by default

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...

5.9 CVSS | 5.6 AI score | 0.0058 EPSS
Exploits 0 | References 3

RustSec
added 2023/01/20 12:0 p.m. | 43 views

git2 does not verify SSH keys by default

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...

5.9 CVSS | 6.3 AI score | 0.0058 EPSS
Exploits 0 | Affected Software 1

Tenable Nessus
added 2023/01/19 12:0 a.m. | 16 views

Enumerate the Network Interface configuration via SSH

Nessus was able to parse the Network Interface data on the remote host. #%NASL_MIN_LEVEL 80900 # (C) Tenable, Inc. include("compat.inc"); if (description) { script_id(170170); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/11"); script_name(english:"Enumerate the Network...

7.1 AI score
Exploits 0

OpenVAS
added 2023/01/19 12:0 a.m. | 8 views

Slackware: Security Advisory (SSA:2023-018-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 8.1 AI score | 0.55367 EPSS
Exploits 20 | References 3

OpenVAS
added 2023/01/18 12:0 a.m. | 22 views

Control WebPanel / CentOS WebPanel (CWP) Detection Consolidation

Consolidation of Control WebPanel / CentOS WebPanel (CWP) detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include("plugin_feed_info.inc")...

7.3 AI score
Exploits 0 | References 1

RedHat Linux
added 2023/01/17 7:35 p.m. | 41 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12 security update

Red Hat OpenShift Container Platform release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

7.5 CVSS | 7 AI score | 0.03931 EPSS
Exploits 0 | References 4

NVD
added 2023/01/17 10:15 a.m. | 10 views

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

6.5 CVSS | 6.4 AI score | 0.00287 EPSS
Exploits 0 | References 2

Prion
added 2023/01/17 10:15 a.m. | 20 views

Design/Logic Flaw

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

3.3 CVSS | 6.7 AI score | 0.00287 EPSS
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2023/01/17 12:0 a.m. | 2 views

PIX-RT100 Security Vulnerability

PIXELA CORPORATION PIX-RT100 is a home router from PIXELA CORPORATION, Japan. A security vulnerability exists in the PIX-RT100 RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 versions. A network neighbor attacker could access the product via an undocumented Telnet or SSH service...

6.5 CVSS | 7.1 AI score | 0.00287 EPSS
Exploits 0 | References 3

Vulnrichment
added 2023/01/17 12:0 a.m. | 5 views

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

6.9 AI score | 0.00287 EPSS
Exploits 0 | References 2

CVE
added 2023/01/17 12:0 a.m. | 50 views

CVE-2023-22316

The PIX-RT100 vulnerability CVE-2023-22316 describes a hidden functionality issue where a network-adjacent attacker can access the device via undocumented Telnet or SSH on PIX-RT100 releases RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101. The root cause is an undocumented service exposure that e...

6.5 CVSS | 6.3 AI score | 0.00287 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/01/17 12:0 a.m. | 14 views

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

6.9 AI score | 0.00287 EPSS
Exploits 0 | References 2

OpenVAS
added 2023/01/16 12:0 a.m. | 17 views

Juniper Networks Junos OS Detection Consolidation

Consolidation of Juniper Networks Junos OS detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include("plugin_feed_info.inc"); if...

7.4 AI score
Exploits 0 | References 1

OSV
added 2023/01/12 10:15 p.m. | 4 views

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...

7.7 CVSS | 5.8 AI score | 0.00376 EPSS
Exploits 0 | References 1