#ssh

Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8.0 - 8.7.4.1 versions.

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up. Akuvox E11 is

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.

Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.

Red Hat Security Advisory 2023-1103-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Red Hat Security Advisory 2023-1064-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site request forgery, cross site scripting, and deserialization vulnerabilities.

An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29047: A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management (SCM) to effectively change the Pipeline be...