254 matches found
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2313)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...
EulerOS Virtualization 2.12.0 : openssh (EulerOS-SA-2024-2333)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...
SSH Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2222)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2222)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2246)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...
Litestream 安全漏洞
Litestream is a standalone disaster recovery tool for SQLite from the individual developer Ben Johnson. A security vulnerability exists in Litestream version v0.3.13, which stems from the use of ssh.InsecureIgnoreHostKey that disables host key authentication. An attacker could obtain sensitive...
DRUPAL-CONTRIB-2024-022
Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...
PT-2023-8226 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.4.3 GitLab EE versions 16.5 through 16.5.3 GitLab EE versions 16.6 through 16.6.1 Description: The issue is related to an improper certificate validation in Smartcard authentication, allowing an attacker to...
Rockwell Automation Stratix NTP Authentication bypass (CVE-2015-1798)
A vulnerability in the message authentication code MAC validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature. The vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-43809 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...
CVE-2023-43809 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...
Soft Serve Authorization Issues Vulnerability
Soft Serve is a delicious, self-hosted command-line Git server. An authorization issue vulnerability exists in Soft Serve versions prior to 0.6.2, which stems from a vulnerability that allows an attacker to bypass public key authentication via the allow-keyless setting...
Control iD iDSecure Hard-coded JWT Key Authentication Bypass (CVE-2023-33371)
Binary data controlididsecurecve-2023-33371.nbin...
PT-2023-7221 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.5.6 JumpServer versions prior to 3.6.5 Description: The issue is related to the Koko SSH server in JumpServer, an open source bastion host. When users enable MFA and use a public key for authentication, the Koko...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
SUSE CVE-2007-2243
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...
SUSE CVE-2021-36368
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...