26 matches found

RedhatCVE
added 2026/04/27 7:22 a.m. · 6 views

CVE-2026-30368

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.4 CVSS · 5.2 AI score · 0.00346 EPSS
Exploits 1 · References 1
CVE
added 2026/04/24 7:41 p.m. · 14 views

CVE-2026-6967

Affected software: awslabs/tough (before tough-v0.22.0) with delegated metadata validation. Root cause: missing expiration, hash, and length enforcement in delegated metadata validation causing load_delegations to bypass TUF integrity checks for delegated targets metadata. Impact: remote authenti...

7.1 CVSS · 5.3 AI score · 0.00246 EPSS
Exploits 0 · References 6 · Affected Software 2
NVD
added 2026/04/24 4:16 p.m. · 4 views

CVE-2026-30368

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.4 CVSS · 0.00346 EPSS
Exploits 1 · References 3
OSV
added 2026/03/30 4:23 p.m. · 2 views

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

9.4 CVSS · 6.3 AI score · 0.00328 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2025/07/25 12:0 a.m. · 3 views

NewStart CGSL MAIN 7.02 : libssh Vulnerability (NS-SA-2025-0184)

The remote NewStart CGSL host, running version MAIN 7.02, has libssh packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 3
RedhatCVE
added 2025/05/23 6:2 a.m. · 10 views

CVE-2023-28002

An improper validation of integrity check value vulnerability CWE-354 in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesyst...

6.7 CVSS · 6.6 AI score · 0.00173 EPSS
Exploits 0 · References 1
IBM Security Bulletins
added 2025/05/20 9:21 a.m. · 61 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].

Summary The OpenSSH package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs: CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617. Vulnerability Details CVEID: CVE-2023-51385 DESCRIPTION: OpenSSH could allow a...

9.8 CVSS · 8.9 AI score · 0.93305 EPSS
Exploits 28 · Affected Software 1
Rosalinux
added 2025/01/28 7:59 p.m. · 20 views

Advisory ROSA-SA-2025-2675

software: libssh2 1.10.0 OS: ROSA-CHROME packageevrstring: libssh2-1.10.0-3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process...

5.9 CVSS · 7.4 AI score · 0.93305 EPSS
Exploits 4
Positive Technologies
added 2024/06/28 12:0 a.m. · 5 views

PT-2024-4547 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-11 Synology Router Manager versions prior to 1.3.1-9346-8 Description: The issue is related to the AirPrint functionality in Synology Router Manager, where code is loaded without integrity...

7.6 CVSS · 8 AI score · 0.00266 EPSS
Exploits 0 · References 4
Redos
added 2024/05/24 12:0 a.m. · 10 views

ROS-20240422-10

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

5.9 CVSS · 7.6 AI score · 0.93305 EPSS
Exploits 4
OSV
added 2024/04/22 9:47 a.m. · 10 views

USN-6738-1 lxd vulnerability

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could...

5.9 CVSS · 6.7 AI score · 0.93305 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2024/04/17 12:0 a.m. · 304 views

Jenkins LTS < 2.440.3 / Jenkins weekly < 2.452

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.440.3 or Jenkins weekly prior to 2.452. It is, therefore, affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSS...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 2
OSV
added 2024/04/12 11:7 a.m. · 8 views

OESA-2024-1407 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. CVE-2022-41723 A...

7.5 CVSS · 6.7 AI score · 0.93305 EPSS
Exploits 4 · References 4
Redos
added 2024/04/08 12:0 a.m. · 11 views

ROS-20240408-23

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

5.9 CVSS · 6.2 AI score · 0.93305 EPSS
Exploits 4
Tenable Nessus
added 2024/02/12 12:0 a.m. · 180 views

Rocky Linux 8 : openssh (RLSA-2024:0606)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...

6.5 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 11 · References 5
OpenVAS
added 2024/02/09 12:0 a.m. · 29 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1203)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS · 6.7 AI score · 0.93305 EPSS
Exploits 11 · References 2
Tenable Nessus
added 2024/02/08 12:0 a.m. · 43 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2024-1183)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

6.5 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 11 · References 3
Tenable Nessus
added 2023/12/29 12:0 a.m. · 28 views

Fedora 39 : proftpd (2023-153404713b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-153404713b advisory. Security fix for CVE-2023-48795 Terrapin SSH protocol attack, affecting mod_sftp. Tenable has extracted the preceding description block directly from...

5.9 CVSS · 7.1 AI score · 0.93305 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2023/12/27 12:0 a.m. · 46 views

GLSA-202312-16 : libssh: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...

5.9 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 4 · References 5
Tenable Nessus
added 2023/12/24 12:0 a.m. · 44 views

Debian DSA-5588-1 : putty - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5588 advisory. - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an...

8.1 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 4 · References 9