32 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-0168

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.0008
Exploits 0 | References 7

RedhatCVE
added 2025/05/23 2:54 a.m. | 1 view

CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

CVSS 9.1 | AI score 7.5 | EPSS 0.00202
Exploits 0 | References 1

NVD
added 2023/03/31 4:15 p.m. | 11 views

CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

CVSS 9.1 | AI score 9.2 | EPSS 0.00202
Exploits 0 | References 1

Prion
added 2023/03/31 4:15 p.m. | 14 views

Default configuration

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

CVSS 5 | AI score 7.9 | EPSS 0.00202
Exploits 0 | References 1

CVE
added 2023/03/31 3:43 p.m. | 53 views

CVE-2023-0344

CVE-2023-0344 affects Akuvox E11, which uses a custom dropbear SSH server with an insecure option not in the official release. The vulnerability stems from this modified SSH server, enabling an attack vector over the network; CISA’s ICS advisory and Red Hat/NVD entries describe a high-severity, r...

CVSS 9.1 | AI score 7.8 | EPSS 0.00202
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/03/31 3:43 p.m. | 14 views

CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

CVSS 9.1 | AI score 9.3 | EPSS 0.00202
Exploits 0 | References 1

CNNVD
added 2023/03/10 12:00 a.m. | 2 views

Akuvox E11 security vulnerability

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that originates from the use of a customized version of the dropbear SSH service. This service allows an insecure option...

CVSS 9.1 | AI score 7.7 | EPSS 0.00202
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:26 a.m. | 2 views

SUSE CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3 | AI score 6.9 | EPSS 0.00643
Exploits 0 | References 6

SUSE CVE
added 2023/02/15 5:21 a.m. | 4 views

SUSE CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...

CVSS 4.3 | AI score 7 | EPSS 0.003
Exploits 0 | References 6

OSV
added 2022/08/09 11:19 p.m. | 43 views

GO-2022-0203 Remote command execution via "go get" command with "-insecure" option in cmd/go

The "go get" command is vulnerable to remote code execution. When the -insecure command-line option is used, "go get" does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 9.3 | AI score 9 | EPSS 0.07587
Exploits 1 | References 4

OSV
added 2022/05/17 3:45 a.m. | 13 views

GHSA-7F2C-VP52-GMFW OpenStack keystonemiddleware does not verify certificate

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 8.2 | AI score 5.9 | EPSS 0.00643
Exploits 0 | References 12

BDU FSTEC
added 2018/04/04 12:00 a.m. | 1 view

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.

The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data (insufficient checking of the import path) when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...

CVSS 9.3 | AI score 7.6 | EPSS 0.07587
Exploits 1 | References 3 | Affected Software 1

OSV
added 2018/02/16 5:29 p.m. | 0 views

UBUNTU-CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 8.8 | AI score 7.4 | EPSS 0.07587
Exploits 1 | References 2

NVD
added 2018/02/16 5:29 p.m. | 17 views

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 9.3 | AI score 8.8 | EPSS 0.07587
Exploits 1 | References 6

Cvelist
added 2018/02/16 5:00 p.m. | 24 views

CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

AI score 8.8 | EPSS 0.07587
Exploits 1 | References 6

RedHat Linux
added 2015/08/24 8:17 p.m. | 2 views

keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored

It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware (formerly python-keystoneclient) were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00643
Exploits 0 | References 4

OSV
added 2015/08/06 4:10 a.m. | 2 views

USN-2705-1 python-keystoneclient, python-keystonemiddleware vulnerabilities

Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. (CVE-2014-7144) Brant Knudson...

CVSS 4.3 | AI score 5.8 | EPSS 0.00643
Exploits 0 | References 3

CNVD
added 2015/04/23 12:00 a.m. | 1 view

OpenStack s3_token encryption issue vulnerability

OpenStack Keystone is a collaboration between the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. to develop a project for authentication that provides identity, token, directory, and policy services. OpenStack keystonemiddleware (formerly known as python-keystoneclient) is on...

CVSS 4.3 | AI score 7.1 | EPSS 0.003
Exploits 0 | References 1

OSV
added 2015/04/17 5:59 p.m. | 2 views

DEBIAN-CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...

CVSS 4.3 | AI score 7 | EPSS 0.003
Exploits 0 | References 1

PyPA
added 2015/04/17 5:59 p.m. | 5 views

PYSEC-2015-30

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...

CVSS 4.3 | AI score 7 | EPSS 0.00643
Exploits 0 | References 7 | Affected Software 1