Lucene search

14878 matches found

OSV
added 2022/05/13 1:34 a.m. | 5 views

GHSA-FQW7-C6VR-Q29M openstack-mistral Discloses the presence of arbitrary files within the filesystem

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to...

CVSS 8.7 | AI score 6.7 | EPSS 0.0152
Exploits 0 | References 7
Mageia
added 2022/05/12 10:24 a.m. | 58 views

Updated python-twisted packages fix security vulnerability

CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on...

CVSS 7.5 | AI score 1.6 | EPSS 0.03608
Exploits 1 | References 7
OSV
added 2022/05/12 10:24 a.m. | 7 views

MGASA-2022-0168 Updated python-twisted packages fix security vulnerability

CVE-2022-21712: It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21716: It was discovered that Twisted incorrectly processed SSH handshake data on...

CVSS 7.5 | AI score 7.6 | EPSS 0.03608
Exploits 1 | References 8
OpenVAS
added 2022/05/12 12:0 a.m. | 19 views

HP System Management Homepage (SMH) Insight Diagnostics Detection (Linux SSH Login)

SSH login-based detection of HP System Management Homepage SMH Insight Diagnostics. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

AI score 7.3
Exploits 0
Tenable Nessus
added 2022/05/12 12:0 a.m. | 17 views

AlmaLinux 8 : libssh (ALSA-2022:2031)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2031 advisory. - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is...

CVSS 6.5 | AI score 6.2 | EPSS 0.04683
Exploits 0 | References 2
OpenVAS
added 2022/05/12 12:0 a.m. | 30 views

Slackware: Security Advisory (SSA:2022-131-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 7.1 | EPSS 0.03453
Exploits 6 | References 8
Slackware Linux
added 2022/05/11 7:4 p.m. | 203 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.83.1-i586-1slack15.0.txz: Upgraded. This update fixes security issues: HSTS bypass via trailing dot. TLS and S...

CVSS 8.1 | AI score 0.3 | EPSS 0.03453
Exploits 6
OSV
added 2022/05/11 8:0 a.m. | 4 views

CURL-CVE-2022-27782 TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and...

CVSS 7.5 | AI score 7.6 | EPSS 0.02596
Exploits 1
Hacker One
added 2022/05/11 7:20 a.m. | 98 views

Internet Bug Bounty: CVE-2022-27782: TLS and SSH connection too eager reuse

Summary: Curl fails to consider some security related options when reusing TLS connections. For example: TLS CURLOPT_SSL_OPTIONS CURLOPT_PROXY_SSL_OPTIONS CURLOPT_CRLFILE CURLOPT_PROXY_CRLFILE CURLOPT_TLSAUTH_TYPE CURLOPT_TLSAUTH_USERNAME CURLOPT_TLSAUTH_PASSWORD CURLOPT_PROXY_TLSAUTH_TYPE...

CVSS 5 | AI score 7 | EPSS 0.02596
Exploits 1
Tenable Nessus
added 2022/05/11 12:0 a.m. | 45 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-131-01)

The version of curl installed on the remote host is prior to 7.83.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-131-01 advisory. - libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have...

CVSS 8.1 | AI score 6.8 | EPSS 0.03453
Exploits 6 | References 6
UbuntuCve
added 2022/05/11 12:0 a.m. | 50 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

CVSS 7.5 | AI score 6.8 | EPSS 0.02596
Exploits 1 | References 3
Rockylinux
added 2022/05/10 2:59 p.m. | 20 views

tlog bug fix and enhancement update

An update is available for tlog. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tlog is a terminal I/O recording program similar to "script", but used in place ...

AI score 1.1
Exploits 0
OSV
added 2022/05/10 2:59 p.m. | 13 views

ALBA-2022:2139 tlog bug fix and enhancement update

Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...

AI score 7.2
Exploits 0 | References 1
AlmaLinux
added 2022/05/10 2:59 p.m. | 19 views

tlog bug fix and enhancement update

Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...

AI score 7
Exploits 0 | References 1
RedHat Linux
added 2022/05/10 2:10 p.m. | 60 views

Low: Red Hat Security Advisory: libssh security, bug fix, and enhancement update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 6.5 | AI score 6.8 | EPSS 0.04683
Exploits 0 | References 5
OSV
added 2022/05/10 8:14 a.m. | 27 views

ALSA-2022:2031 Low: libssh security, bug fix, and enhancement update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.6. BZ1896651 Security Fixes: libssh: possible heap-based buffer overflow when rekeying CVE-2021-3634...

CVSS 6.5 | AI score 6.8 | EPSS 0.04683
Exploits 0 | References 2
NVD
added 2022/05/09 5:15 p.m. | 19 views

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

CVSS 5.5 | EPSS 0.0021
Exploits 0 | References 1
Cvelist
added 2022/05/09 4:33 p.m. | 25 views

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

AI score 5.4 | EPSS 0.0021
Exploits 0 | References 1
OSV
added 2022/05/09 8:15 a.m. | 4 views

DEBIAN-CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...

CVSS 7.5 | AI score 8 | EPSS 0.98975
Exploits 12 | References 1
OpenVAS
added 2022/05/09 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-1680)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7 | AI score 6.7 | EPSS 0.02367
Exploits 2 | References 2