CVE-2022-20854
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper err...
Exploit for Open Redirect in Git-Scm Git
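CVE-2017-1000117 Adapted from the AnonymKing/CVE-2017-1000117 repository on GitHub. Project overview + Reproduction of the CVE-2017-1000117 vulnerability (PoC+Exp) + Git2.12.1 + SSH Vulnerability overview: + Vulnerability name: Git command injection vulnerability + CNNVD ID: CNNVD-201708-670 + Severity: Medium + CVE ID: CVE-2017-1000117 + Vulnerability type: Command injection + Published: 2017-08-16...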
PT-2022-25982 · Etic Telecom · Etic Telecom Remote Access Server
Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions 4.5.0 and prior. Description: The application programmable interface (API) of the affected software is vulnerable to directory traversal through several different methods. This could allow an attack...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper err...
PT-2022-5699 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) and Cisco Firepower Management Center (FMC), affected versions not specified. Description: The issue is related to an uncontrolled resource consumption vulnerability in the implementation of the SSH protocol in...
CentOS 8 : container-tools:rhel8 (CESA-2022:7457)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7457 advisory. - golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) - opencontainers: OCI manifest and index parsing...
CentOS 8 : container-tools:4.0 (CESA-2022:7469)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7469 advisory. - cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708) - golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) -...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory, how to extract file system data from the device, and how to modify the data we've extracted. In this post, we'll cover how to gain root access...
sssd bug fix and enhancement update
An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
RHEL 8 : container-tools:4.0 (RHSA-2022:7469)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7469 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: cri-o:...
The vulnerability of the SSH library (x/crypto/ssh) in the Go programming language, which allows a hacker to execute a “man-in-the-middle” attack.
The vulnerability of the SSH library x/crypto/ssh in the Go programming language is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to execute a “man-in-the-middle” attack...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing access restrictions due to [CVE-2022-27782]
Summary cURL is used by IBM App Connect Enterprise Certified Container for internal communication and status checking. IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing access restrictions. This bulletin provides patch information to address the reported...
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...
CVE-2022-30307
A key management error vulnerability (CWE-320) affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack...
Design/Logic Flaw
A key management error vulnerability (CWE-320) affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack...
CVE-2022-30307
CVE-2022-30307 affects FortiOS RSA SSH host key handling. Affected versions: FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below. Root cause is a key management error (CWE-320) that may enable an unauthenticated attacker to perform a Man-in-the-Middle (MITM) attack by abusing the RSA SSH ho...