[SECURITY] Fedora 35 Update: shellz-1.5.0-7.fc35

Shellz is a small utility to track and control your ssh, telnet, web and cust om shells and tunnels...

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor...

Amazon Linux 2 : curl (ALAS-2022-1808)

The version of curl installed on the remote host is prior to 7.79.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1808 advisory. A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or...

CVE-2022-28369

Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enablessh sub-operation of the crtcrpc JSON listener found at /lib/functions/wncjsonsh/crtcmode.sh A remote attacker on the local network can provide a malicious URL. The data...

Siemens SICAM GridEdge Access Control Error Vulnerability

SICAM GridEdge can make your existing IEC61850 devices IoT capable with just a few clicks.An access control error vulnerability exists in Siemens SICAM GridEdge, which could be exploited by an attacker with access to the file system of the host computer running SICAM GridEdge to inject a custom S...

Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2116)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

Design/Logic Flaw

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

CVE-2022-34757

CVE-2022-34757 affects Schneider Electric Easergy P5 (V01.401.102 and prior). The issue is CWE-327: Use of a Broken or Risky Cryptographic Algorithm, where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, allowing an attacker to observe protected ...

CVE-2022-34464

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.7.3. The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that fi...

CVE-2022-34464

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.7.3. The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that fi...

Design/Logic Flaw

A vulnerability has been identified in SICAM GridEdge Essential ARM All versions, SICAM GridEdge Essential Intel All versions V2.7.3, SICAM GridEdge Essential with GDS ARM All versions, SICAM GridEdge Essential with GDS Intel All versions V2.7.3. Affected software uses an improperly protected fil...

CVE-2022-34464

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.7.3. The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that fi...

CVE-2022-34464

CVE-2022-34464 affects Siemens SICAM GridEdge (Classic) and GridEdge Essential variants, where an improperly protected file used to import SSH keys can be written by a user with host filesystem access. Affected versions include SICAM GridEdge GridEdge Essential Intel/ARM (all versions before v2.7...

gitea -- multiple issues

The Gitea team reports: Use git.HOMEPATH for Git HOME directory Add write check for creating Commit status Remove deprecated SSH ciphers from default...

Siemens SICAM GridEdge

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION The SICAM GridEdge software contains an improper access control vulnerability, which could allow...

[SECURITY] Fedora 36 Update: podman-tui-0.5.0-1.fc36

podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environm ent and SSH to connect to remote podman machines...

Slackware: Security Advisory (SSA:2022-191-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...