Lucene search: 14897 matches found

Github Security Blog (added 2022/03/28 4:46 p.m.)

Unrestricted Upload of File with Dangerous Type in Gogs

Impact: A malicious user is able to upload a crafted config file into a repository's .git directory to gain SSH access to the server. All installations with repository upload enabled (the default) are affected. Patches: Repository file uploads to the .git directory are now prohibited. Users should upgra...

CVSS 9.9 | AI score 8.7 | EPSS 0.65237
Exploits: 1 | References: 7 | Affected software: 1
ATTACKERKB (added 2022/03/27 4:15 p.m.)

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa)...

CVSS 6.5 | AI score 5.8 | EPSS 0.01752
Exploits: 1 | References: 2
NVD (added 2022/03/27 4:15 p.m.)

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa)...

CVSS 6.5 | EPSS 0.01752
Exploits: 1 | References: 1
Prion (added 2022/03/27 4:15 p.m.)

Directory traversal

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa)...

CVSS 4 | AI score 6.4 | EPSS 0.01752
Exploits: 1 | References: 1 | Affected software: 1
Cvelist (added 2022/03/27 3:03 p.m.)

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa)...

AI score 6.6 | EPSS 0.01752
Exploits: 1 | References: 1
CVE (added 2022/03/27 3:03 p.m.)

CVE-2022-26252

CVE-2022-26252 affects aaPanel v6.8.21. A directory traversal flaw is described that allows an attacker to obtain the root user's private SSH key (id_rsa). The vulnerability is documented across multiple feeds (NVD entry and vendor/partner advisories) with exploit references (e.g., Exploit-DB lin...

CVSS 6.5 | AI score 6.4 | EPSS 0.01752
Exploits: 1 | References: 1 | Affected software: 1
Tenable Nessus (added 2022/03/25 12:00 a.m.)

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-twisted) (RHSA-2022:0982)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0982 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat...

CVSS 7.5 | AI score 7.5 | EPSS 0.03608
Exploits: 1 | References: 6
RedHat Linux (added 2022/03/24 10:59 a.m.)

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (python-twisted) security update

An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.2 | EPSS 0.03608
Exploits: 1 | References: 3
Tenable Nessus (added 2022/03/24 12:00 a.m.)

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-twisted) (RHSA-2022:0992)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0992 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat...

CVSS 7.5 | AI score 7.5 | EPSS 0.03608
Exploits: 1 | References: 6
RedHat Linux (added 2022/03/23 10:12 p.m.)

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-twisted) security update

An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.2 | EPSS 0.03608
Exploits: 1 | References: 3
OpenVAS (added 2022/03/23 12:00 a.m.)

Fedora: Security Advisory for chromium (FEDORA-2022-d1a15f9cdb)

The remote host is missing an update for the ... Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.6 | AI score 7.6 | EPSS 0.0266
Exploits: 21 | References: 2
OpenVAS (added 2022/03/22 12:00 a.m.)

GitLab Detection (Linux/Unix SSH Login)

SSH login-based detection of GitLab. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.170048"); ...

AI score 7.3
Exploits: 0
OpenVAS (added 2022/03/22 12:00 a.m.)

GitLab Detection Consolidation

Consolidation of GitLab detections. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it...

AI score 7.2
Exploits: 0 | References: 2
OpenVAS (added 2022/03/22 12:00 a.m.)

Debian: Security Advisory (DLA-2959-1)

The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 5.9 | AI score 6.2 | EPSS 0.0208
Exploits: 1 | References: 3
OpenVAS (added 2022/03/22 12:00 a.m.)

Gogs < 0.12.6 RCE Vulnerability

Gogs is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 9.9 | AI score 9.1 | EPSS 0.65237
Exploits: 1 | References: 5
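The two bug classes that recur in the results above, a repository upload that lands in the repository's own .git directory (the Gogs entries) and a directory traversal that reads a file outside the intended root (the aaPanel entries), are both failures to constrain a user-supplied path before touching the filesystem. The following Go function is an added illustration of the check a server should apply, written for this page; it is not Gogs' actual patch, not aaPanel code, and the repository root and sample paths in it are constructed for the demo. It cleans the path, refuses anything that still points above the root after cleaning, and refuses any path component equal to .git, comparing case-insensitively because on a case-insensitive filesystem ".GIT" is the same directory.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// Sentinel errors so callers can distinguish why an upload path was refused.
var (
	ErrEmptyPath   = errors.New("upload path is empty")
	ErrAbsolute    = errors.New("absolute upload paths are not allowed")
	ErrNulByte     = errors.New("upload path contains a NUL byte")
	ErrOutsideRoot = errors.New("upload path escapes the repository root")
	ErrGitDir      = errors.New("upload path targets a .git directory")
)

// SafeRepoPath maps a client-supplied relative upload path onto a location
// under root, or refuses it. Two failure modes are covered: traversal out of
// root via "..", and writes into any ".git" component (a crafted .git/config
// or hook script is what turns a file upload into server compromise).
func SafeRepoPath(root, userPath string) (string, error) {
	if strings.ContainsRune(userPath, 0) {
		return "", ErrNulByte // C-level file APIs would truncate at the NUL
	}
	// Treat backslashes as separators so "..\.git\config" is normalised the
	// same way on a POSIX host as a Windows client would expect.
	p := strings.ReplaceAll(userPath, "\\", "/")
	if path.IsAbs(p) {
		return "", ErrAbsolute
	}
	rel := path.Clean(p)
	if rel == "." {
		return "", ErrEmptyPath
	}
	// After Clean, a relative path can only carry ".." at its start, so a
	// leading ".." means the path still points above root.
	if rel == ".." || strings.HasPrefix(rel, "../") {
		return "", ErrOutsideRoot
	}
	// Case-insensitive comparison: on case-insensitive filesystems ".GIT"
	// and ".git" are the same directory.
	for _, component := range strings.Split(rel, "/") {
		if strings.EqualFold(component, ".git") {
			return "", ErrGitDir
		}
	}
	return filepath.Join(root, filepath.FromSlash(rel)), nil
}

func main() {
	// Constructed sample inputs: one benign path, then traversal and
	// .git-targeting variants of the kind the advisories above describe.
	for _, in := range []string{
		"src/main.go",
		"../../root/.ssh/id_rsa",
		"docs/../.git/config",
		"hooks\\.GIT\\post-receive",
		"/etc/passwd",
	} {
		dst, err := SafeRepoPath("/srv/uploads/repo", in)
		fmt.Printf("%-28q -> %q %v\n", in, dst, err)
	}
}
```

The check is deliberately done on the cleaned relative path rather than by comparing an absolute result with strings.HasPrefix(root): prefix comparison is fooled by a sibling directory such as "repo2" when root is "repo", and it says nothing about a .git component that sits safely inside the root but must still be off limits.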
Debian (added 2022/03/21 11:38 a.m.)

[SECURITY] [DLA 2959-1] paramiko security update

Debian LTS Advisory DLA-2959-1 | [email protected] | https://www.debian.org/lts/security/ | Chris Lamb | March 21, 2022 | https://wiki.debian.org/LTS ...

CVSS 5.9 | AI score 6 | EPSS 0.0208
Exploits: 1
Microsoft CVE (added 2022/03/20 7:00 a.m.)

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass since nothing is being bypassed."

...

CVSS 3.7 | AI score 4.9 | EPSS 0.01677
Exploits: 0
Github Security Blog (added 2022/03/19 12:01 a.m.)

golang.org/x/crypto/ssh Denial of service via crafted Signer

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVSS 7.5 | AI score 8.7 | EPSS 0.03931
Exploits: 0 | References: 20 | Affected software: 1
OSV (added 2022/03/19 12:01 a.m.)

GHSA-8C26-WMH5-6G9V golang.org/x/crypto/ssh Denial of service via crafted Signer

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVSS 7.5 | AI score 9.6 | EPSS 0.03931
Exploits: 0 | References: 20
GitLab Advisory Database (added 2022/03/19 12:00 a.m.)

Use of a Broken or Risky Cryptographic Algorithm

golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey...

CVSS 7.5 | AI score 3.3 | EPSS 0.03931
Exploits: 0 | References: 4 | Affected software: 1