14866 matches found
Apache Commons Detection (Linux/Unix SSH Login)
SSH login-based detection of Apache Commons and its components. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
Apache Commons Detection Consolidation
Consolidation of Apache Commons and its components detections. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...
jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
virt-v2v security, bug fix, and enhancement update
2.0.7-6.0.1 - Replaced bugzilla.oracle.com references Orabug: 34202300 - replaced upstream references Orabug:34089586 1:2.0.7-6 - Install qemu-ga package during conversion resolves: rhbz2028764 1:2.0.7-5 - Remove LVM2 devices file during conversion resolves: rhbz2112801 - Add support for Zstandar...
curl security update
7.76.1-19 - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208 7.76.1-18 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-17 - fix leak of SRP credentials in redirects...
Oracle Linux 9 : podman (ELSA-2022-7954)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7954 advisory. 2:4.2.0-3.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 2:4.2.0-3 - fix dependency in test subpackage - Related:...
PT-2022-7136 · X.Org +9
Name of the Vulnerable Software and Affected Versions: X.Org (affected versions not specified). Description: A security flaw in X.Org occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local...
PT-2022-7139 · X.Org +9
Name of the Vulnerable Software and Affected Versions: X.Org (affected versions not specified). Description: A security flaw was found in the handler for the XIChangeProperty request, resulting in length-validation issues and out-of-bounds memory reads. This can lead to potential information...
SSH Per-Host Command Logging
If the 'Always report SSH commands' advanced preference is selected in the scan policy, this plugin will report all commands run over SSH on the host in a machine readable format. TRUSTED...
Apache MINA Deserialization Vulnerability
Apache MINA is a web application framework of the Apache Foundation of the United States. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
Rocky Linux 8 : container-tools:4.0 (RLSA-2022:7469)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7469 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 whe...
New RapperBot malware targets gaming servers with DDoS attacks
By Deeba Ahmed. RapperBot malware is known for brute-forcing SSH servers that can accept password authentication. This is a post from HackRead.com. Read the original post: New RapperBot malware targets gaming servers with DDoS attacks...
Unsafe deserialization in Apache MINA SSHD
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...
CVE-2022-45047 Apache MINA SSHD: Java unsafe deserialization vulnerability
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...
Apache MINA Code Issue Vulnerability
Apache MINA is a web application framework of the Apache Foundation of the United States. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
CVE-2022-45047
CVE-2022-45047 affects Apache MINA SSHD (SSHD) where SimpleGeneratorHostKeyProvider uses Java deserialization to load a PrivateKey, enabling remote authenticated code execution via unsafe deserialization. The issue is in MINA SSHD
AlmaLinux 9 : kernel-rt (ALSA-2022:6582)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6582 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
CVE-2022-20854
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper err...
Input validation
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper err...