4 matches found
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (<...
CVE-2022-45047
CVE-2022-45047 affects Apache MINA SSHD (SSHD) where SimpleGeneratorHostKeyProvider uses Java deserialization to load a PrivateKey, enabling remote authenticated code execution via unsafe deserialization. The issue is in MINA SSHD
CVE-2023-35887
CVE-2023-35887 affects Apache MINA SSHD when using RootedFileSystem in SFTP servers. The root cause is path traversal outside the rooted tree via paths with '..' or symlinks, allowing logged-in users to discover existence/non-existence of items outside the rooted directory. Affected: Apache MINA ...
CVE-2021-30129
CVE-2021-30129 affects Apache MINA SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache MINA SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...