14871 matches found

Github Security Blog
added 2022/06/02 8:52 p.m. | 24 views

OS Command Injection in gogs

Impact: The malicious user is able to update a crafted config file into repository's .git directory with to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches: Repository file updates are prohibited to its .git directory. Users should upgra...

8.8 CVSS | 2.1 AI score | 0.01966 EPSS
Exploits 0 | References 8 | Affected Software 1
OSV
added 2022/06/02 8:50 p.m. | 15 views

GHSA-958J-443G-7MM7 OS Command Injection in gogs

Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

10 CVSS | 9.6 AI score | 0.01774 EPSS
Exploits 1 | References 9
Github Security Blog
added 2022/06/02 8:50 p.m. | 40 views

OS Command Injection in gogs

Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

10 CVSS | 0.1 AI score | 0.01774 EPSS
Exploits 1 | References 9 | Affected Software 1
Malwarebytes
added 2022/06/02 6:27 p.m. | 14 views

Introducing EDR for Linux: Remediating and isolating threats on Linux servers

We’re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. Let’s ge...

0.8 AI score
Exploits 0
NVD
added 2022/06/02 2:15 p.m. | 28 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS | 0.02596 EPSS
Exploits 1 | References 6
OSV
added 2022/06/02 2:15 p.m. | 37 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS | 2 AI score | 0.02596 EPSS
Exploits 1 | References 6
Prion
added 2022/06/02 2:15 p.m. | 30 views

Code injection

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

5 CVSS | 6.6 AI score | 0.02596 EPSS
Exploits 1 | References 6 | Affected Software 2
GitLab Advisory Database
added 2022/06/02 12:0 a.m. | 29 views

OS Command Injection in gogs

Impact: The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...

0.1 AI score | 0.01774 EPSS
Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2022/06/01 12:0 a.m. | 29 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

8.1 AI score | 0.02596 EPSS
Exploits 1 | References 6
Debian CVE
added 2022/06/01 12:0 a.m. | 82 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS | 7 AI score | 0.02596 EPSS
Exploits 1
CVE
added 2022/06/01 12:0 a.m. | 368 views

CVE-2022-27782

CVE-2022-27782 affects curl/libcurl: it can reuse a previously created connection when TLS/SSH-related options were changed, due to incomplete configuration-matching checks. Connected advisories confirm this issue across multiple platforms (AIX, Amazon Linux, CloudLinux/CentOS, Cloud Foundry) and...

7.5 CVSS | 7.8 AI score | 0.02596 EPSS
Exploits 1 | References 6 | Affected Software 1
AlpineLinux
added 2022/06/01 12:0 a.m. | 72 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS | 8.2 AI score | 0.02596 EPSS
Exploits 1
Vulnrichment
added 2022/05/31 4:35 p.m. | 8 views

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

6.5 CVSS | 6.6 AI score | 0.01384 EPSS
Exploits 1 | References 4
Cvelist
added 2022/05/31 4:35 p.m. | 48 views

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

6.5 CVSS | 6.5 AI score | 0.01384 EPSS
Exploits 1 | References 4
CVE
added 2022/05/31 4:35 p.m. | 102 views

CVE-2022-29245

SSH.NET (Renci.SshNet) is affected by CVE-2022-29245 due to generating the private key during X25519 key exchange with System.Random in versions 2020.0.0 and 2020.0.1. The non-cryptographically secure RNG can have a brute-forceable seed, enabling an eavesdropper to potentially decrypt traffic dur...

6.5 CVSS | 5.6 AI score | 0.01384 EPSS
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2022/05/31 12:0 a.m. | 3 views

SSH.NET security feature issue vulnerability

SSH.NET is an SSH library for .NET optimized for parallelism. A security signature issue vulnerability exists in SSH.NET versions 2020.0.0 and 2020.0.1, which stems from a client's private key being generated during an X25519 key exchange using System.Random. System.Random is not a...

6.5 CVSS | 6.3 AI score | 0.01384 EPSS
Exploits 1 | References 5
BDU FSTEC
added 2022/05/30 12:0 a.m. | 6 views

The vulnerability lies in the implementation of TLS and SSH protocols in the command-line utility cURL, which allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the TLS and SSH protocol implementations in the command-line utility cURL is related to deficiencies in authentication procedures when using previously established connections in a connection pool. Exploiting this vulnerability could allow an attacker operating remotely to ga...

5.3 CVSS | 6.6 AI score | 0.02596 EPSS
Exploits 1 | References 14 | Affected Software 8
OpenVAS
added 2022/05/30 12:0 a.m. | 33 views

SUSE: Security Advisory (SUSE-SU-2022:1870-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7 AI score | 0.02596 EPSS
Exploits 2 | References 5
Tenable Nessus
added 2022/05/26 12:0 a.m. | 48 views

EulerOS 2.0 SP3 : mercurial (EulerOS-SA-2022-1747)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository...

8.8 CVSS | 7.5 AI score | 0.04832 EPSS
Exploits 1 | References 5
Malwarebytes
added 2022/05/25 3:48 p.m. | 24 views

Massive increase in XorDDoS Linux malware in last six months

Microsoft says it's recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). MMD believed the Linux Trojan originated in China...

0.1 AI score
Exploits 0