14866 matches found

Tenable Nessus
added 2023/01/03 12:00 a.m. · 12 views

SUSE SLES15 Security Update : ca-certificates-mozilla (SUSE-SU-2023:0003-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0003-1 advisory. - Updated to 2.60 state of Mozilla SSL root CAs bsc1206622 Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate...

5.9 AI score
Exploits 0 · References 3

Tenable Nessus
added 2023/01/02 12:00 a.m. · 31 views

Debian dla-3256 : xdmx - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3256 advisory. Debian LTS Advisory DLA-3256-1...

8.8 CVSS · 7.7 AI score · 0.02685 EPSS
Exploits 0 · References 14

Positive Technologies
added 2023/01/01 12:00 a.m. · 3 views

PT-2023-32217 · Gnome +3 · Gnome-Control-Center +3

Name of the Vulnerable Software and Affected Versions: gnome-control-center, affected versions not specified. Description: The issue arises when the system is configured to use systemd socket activation for openssh-server, causing gnome-control-center to not properly reflect the SSH remote login...

4.9 CVSS · 6.5 AI score · 0.00195 EPSS
Exploits 1 · References 14

Positive Technologies
added 2023/01/01 12:00 a.m. · 3 views

PT-2023-24655 · Salt-Ssh +3 · Salt-Ssh +3

Name of the Vulnerable Software and Affected Versions: Salt-SSH, affected versions not specified. Description: The issue concerns a predictable script path in the Salt-SSH pre-flight option, allowing an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...

8.1 CVSS · 7.2 AI score · 0.01207 EPSS
Exploits 1 · References 94

Veracode
added 2022/12/29 8:15 a.m. · 14 views

Command Injection

rdiffweb is vulnerable to command injection. The vulnerability exists in notification.py due to lack of character sanitisation in SSH key names which allows an attacker to inject a hyperlink that allows an attacker to redirect victim to malicious website...

5.4 CVSS · 5.8 AI score · 0.00485 EPSS
Exploits 1 · References 4 · Affected Software 1

OpenVAS
added 2022/12/28 12:00 a.m. · 25 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2890)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS · 7.5 AI score · 0.3197 EPSS
Exploits 6 · References 2

NVD
added 2022/12/27 11:15 p.m. · 15 views

CVE-2022-4768

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack...

9.8 CVSS · 0.00666 EPSS
Exploits 0 · References 4

OSV
added 2022/12/27 11:15 p.m. · 26 views

CVE-2022-4768

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack...

9.8 CVSS · 7.6 AI score
Exploits 0 · References 4

Prion
added 2022/12/27 11:15 p.m. · 19 views

Design/Logic Flaw

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack...

7.5 CVSS · 9.8 AI score · 0.00666 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/12/27 10:33 p.m. · 22 views

CVE-2022-4768 Dropbox merou SSH Public Key public_key.py add_public_key injection

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack...

6.3 CVSS · 10 AI score · 0.00666 EPSS
Exploits 0 · References 4

CVE
added 2022/12/27 10:33 p.m. · 65 views

CVE-2022-4768

CVE-2022-4768 affects Dropbox Merou’s SSH Public Key Handler. The vulnerability lies in the add_public_key function of grouper/public_key.py, where manipulating the argument public_key_str leads to injection. It is possible to launch the attack remotely. The patch identified is d93087973afa26bc0a...

9.8 CVSS · 8.4 AI score · 0.00666 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/12/27 3:30 p.m. · 14 views

GHSA-83PM-7V48-5JP4 rdiffweb vulnerable to Special Element Injection

In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites...

5.4 CVSS · 5.5 AI score · 0.00485 EPSS
Exploits 1 · References 5

Github Security Blog
added 2022/12/27 3:30 p.m. · 20 views

rdiffweb vulnerable to Special Element Injection

In rdiffweb prior to 2.5.5, lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites...

6.6 CVSS · 5.8 AI score · 0.00485 EPSS
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2022/12/27 12:00 a.m. · 4 views

Dahua software products authorization issue vulnerability

Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in several Dahua software products, which originates from an unauthenticated attacker being able to enable or disable SSHD services by sending specific, carefully crafted packets ...

3.7 CVSS · 5.1 AI score · 0.00414 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/12/27 12:00 a.m. · 7 views

PT-2022-27512 · Dahua · Dahua

Name of the Vulnerable Software and Affected Versions: Dahua software products, affected versions not specified. Description: The issue allows an attacker to enable or disable the SSHD service without authentication. This can be achieved by sending a crafted packet to the vulnerable interface after...

3.7 CVSS · 6.9 AI score · 0.00414 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2022/12/26 12:00 a.m. · 47 views

Fedora 36 : xorg-x11-server (2022-dd3eb7e0a8)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dd3eb7e0a8 advisory. Fix buggy patch to CVE-2022-46340 ---- CVE fix for: CVE-2022-4283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344...

8.8 CVSS · 7.7 AI score · 0.02685 EPSS
Exploits 0 · References 7

Veracode
added 2022/12/24 7:33 a.m. · 35 views

Remote Code Execution

xwayland is vulnerable to remote code execution. The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed leading to local privileges elevation on systems where the server is running privileged and remote code execution for ssh X forwarding sessions...

8.8 CVSS · 9 AI score · 0.02367 EPSS
Exploits 0 · References 14 · Affected Software 6

Veracode
added 2022/12/23 11:42 a.m. · 22 views

Remote Code Execution (RCE)

X.Org is vulnerable to Remote Code Execution (RCE). The XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests leading to local privileges elevation on systems where the server is running privileged and remote...

7.8 CVSS · 8.7 AI score · 0.00958 EPSS
Exploits 0 · References 14 · Affected Software 6

Huntr
added 2022/12/23 5:33 a.m. · 19 views

Application allows to add same SSH key among different users

Description: With SSH keys, you can connect to Rdiffweb without supplying your username and personal access token at each visit. Rdiffweb allows the same SSH key to be used by multiple users. For example: User A has used SSH key '1', the same key can be used by User B, User C. The application ...

7.5 CVSS · 9.1 AI score · 0.00827 EPSS
Exploits 1

The Hacker News
added 2022/12/22 1:13 p.m. · 109 views

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...

9 CVSS · 1 AI score · 0.99965 EPSS
Exploits 39