14869 matches found
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
golang.org/x/crypto: empty plaintext packet causes panic
There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...
Debian DSA-5203-1 : gnutls28 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5203 advisory. Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a library implementing the TLS and SSL protocols, during verification of pkcs7 signatures. A remote attacke...
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute...
Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29964)
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. - The Emerson DeltaV Distributed Control System DCS...
CVE-2022-36881
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
Veritas Backup Exec Remote Agent Detection Consolidation
Consolidation of Veritas Backup Exec Remote Agent detections.
CentOS 7 : kernel (RHSA-2022:5232)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5232 advisory. - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root...
Fedora: Security Advisory for podman-tui (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
Fedora: Security Advisory for shellz (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
Fedora: Security Advisory for vultr (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: vultr-2.0.3-6.fc36
Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command...
[SECURITY] Fedora 36 Update: shellz-1.5.0-8.fc36
Shellz is a small utility to track and control your ssh, telnet, web and custom shells and tunnels...
[SECURITY] Fedora 36 Update: podman-tui-0.5.0-2.fc36
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meet...
GHSA-CM7J-P8HC-97VJ Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meet...
Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key fi...
GHSA-78FG-PVGG-6G3R Missing permission check in Jenkins OpenShift Deployer Plugin
OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key fi...
CVE-2022-36909
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system ...