NGINX is configured to forward PHP pages requests to PHP-FPM processor,
fastcgi_split_path_info directive is present in the configuration and includes a regular expression beginning with a '^' symbol and ending with a '$' symbol,
PATH_INFO variable is defined with fastcgi_param directive,
There are no checks like try_files $uri =404 or if (-f $uri) to determine whether a file exists or not.
ah, le premier qui soit si clair, je cite :
This is not a vulnerability in openssh, so it doesn't affect the ssh that we all use every day. libssh2 is a client-side C library, which enables applications to connect to an SSH server. This also isn't a vulnerability in libssh, which is an unrelated C library which provides similar functionality to libssh2.
Bon, c'est pas comme si c'etait tous les jours, mais les certif CA généré par default avec ssh-keygen v8.1 ne seront plus compatible avec OpenSSH < 7.2
Désinstallez l'application CamScanner si vous l'avez sur votre mobile android !
PS: L'application notebloc (sur F-Droid) la remplace à merveille !
via https://sebsauvage.net/links/?RaYzMw