14823 matches found
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-2079)
The remote host is missing an update for the Huawei EulerOS...
GO-2024-3026 casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification in github.com/casdoor/casdoor
casdoor's use of ssh.InsecureIgnoreHostKey disables host key verification in github.com/casdoor/casdoor...
EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2024-2077)
According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the...
EulerOS 2.0 SP5 : xorg-x11-server (EulerOS-SA-2024-2079)
According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. Wh...
Fedora: Security Advisory (FEDORA-2024-82547e3e16)
The remote host is missing an update for the...
Improper Certificate Validation
github.com/casdoor/casdoor is vulnerable to Improper Certificate Validation. The vulnerability is due to the usage of the ssh.InsecureIgnoreHostKey method in the file viaSSHDialer.go, which disables host key verification and allows attackers to obtain sensitive information via a man-in-the-middle...
ROS-20240805-03
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
Man-In-The-Middle Attack
github.com/mickael-kerjean/filestash is vulnerable to Man-In-The-Middle Attack. The vulnerability is due to the usage of ssh.InsecureIgnoreHostKey function, which disables host key verification, allowing attackers to obtain sensitive information via a man-in-the-middle attack...
The vulnerability of the SSH service on the SmartOS operating system, specifically the AdTran SRG 834-5 Wi-Fi routers, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of strictly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey method...
GHSA-67FW-W8F2-88WP casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey method...
CVE-2024-41264
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey method...
soft-serve -- Remote code execution vulnerability
soft-serve team reports: Arbitrary code execution by crafting git ssh requests It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...
CVE-2024-41258
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...
CVE-2024-41254
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...