14869 matches found
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2022:2834-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2834-1 advisory. Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image t...
SUSE-SU-2022:2834-1 Security update for podman
This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fix...
SUSE-SU-2022:2829-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...
USN-5526-2: PyJWT regression
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly...
Debian DSA-5211-1 : wpewebkit - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5211 advisory. - An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32792 - The issue was addressed with improved UI handling. CVE-2022-32816 No...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2251)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2238)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2217)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...
SUSE-SU-2022:2813-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even wh...
CVE-2022-24950
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId...
Race condition
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId...
CVE-2022-24950
EternalTerminal vulnerability CVE-2022-24950 exists in versions prior to 6.2.0. The issue is a race condition in UserTerminalRouter::getInfoForId() that lets an authenticated attacker hijack other users’ SSH authorization sockets, enabling logins to other systems as targeted users. The problem is...
SUSE: Security Advisory (SUSE-SU-2022:2813-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Progress WS_FTP Server Detection Consolidation
Consolidation of Progress WS_FTP Server detections. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...
Design/Logic Flaw
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...
CVE-2022-38133
CVE-2022-38133 affects JetBrains TeamCity pre-2022.04.3 where private SSH keys could be written to server logs under certain conditions. The vulnerability stems from logging behavior; impact could be leakage of private SSH material if logs are exposed. Affected software is JetBrains TeamCity prio...