41 matches found
EUVD-2012-0943
Malware in sbrugna...
EUVD-2004-2477
Malware in sbrugna...
EUVD-2013-4311
Malware in sbrugna...
EUVD-2006-1210
Malware in sbrugna...
EUVD-2018-17169
Malware in sbrugna...
EUVD-2013-4298
Malicious code in bioql PyPI...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
Dropbear SSH Server < 2016.72 xauth Command Injection
According to its self-reported version in the banner, the version of Dropbear SSH running on the remote host is prior to 2016.72. It is, therefore, affected by a command injection vulnerability when X11 Forwarding is enabled, due to improper sanitization of X11 authentication credentials. An...
Dropbear SSH server timing attacks
Different timings for existent and nonexistent users...
CVE-2013-4434
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...
CVE-2013-4421
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
CVE-2013-4434
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...
Code injection
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
CVE-2013-4434
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...
Code injection
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames...
CVE-2013-4421
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
CVE-2013-4434
Dropbear SSH Server before 2013.59 is affected by CVE-2013-4434: authentication error messages reveal valid usernames via different delay depending on account existence. Public docs confirm the issue and cite a patch release (2013.60) that fixes this and related CVE-2013-4421; openSUSE/Mandriva a...
CVE-2013-4421
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
CVE-2013-4421
The bufdecompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...