Lucene search
K

254 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.17 views

EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2313)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.23 views

EulerOS Virtualization 2.12.0 : openssh (EulerOS-SA-2024-2333)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.1304 views

SSH Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...

5.9CVSS7.3AI score0.98631EPSS
Exploits41
OpenVAS
OpenVAS
added 2024/08/21 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2222)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.7CVSS4.4AI score0.01677EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.14 views

EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2222)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.23 views

EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2246)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbos...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.5 views

Litestream 安全漏洞

Litestream is a standalone disaster recovery tool for SQLite from the individual developer Ben Johnson. A security vulnerability exists in Litestream version v0.3.13, which stems from the use of ssh.InsecureIgnoreHostKey that disables host key authentication. An attacker could obtain sensitive...

5.3CVSS6.4AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2024/05/29 4:44 p.m.6 views

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...

9.8CVSS6.9AI score0.00618EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.3 views

PT-2023-8226 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.4.3 GitLab EE versions 16.5 through 16.5.3 GitLab EE versions 16.6 through 16.6.1 Description: The issue is related to an improper certificate validation in Smartcard authentication, allowing an attacker to...

8.1CVSS7.9AI score0.00379EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.27 views

Rockwell Automation Stratix NTP Authentication bypass (CVE-2015-1798)

A vulnerability in the message authentication code MAC validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature. The vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending...

1.8CVSS6.7AI score0.02219EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/10/30 11:47 p.m.22 views

CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

7.5CVSS7.7AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/10/04 8:40 p.m.32 views

CVE-2023-43809 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...

7.5CVSS7.9AI score0.0089EPSS
Exploits1References4
OSV
OSV
added 2023/10/04 8:40 p.m.29 views

CVE-2023-43809 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...

7.5CVSS7.5AI score0.0089EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.4 views

Soft Serve Authorization Issues Vulnerability

Soft Serve is a delicious, self-hosted command-line Git server. An authorization issue vulnerability exists in Soft Serve versions prior to 0.6.2, which stems from a vulnerability that allows an attacker to bypass public key authentication via the allow-keyless setting...

7.5CVSS6.9AI score0.0089EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.56 views

Control iD iDSecure Hard-coded JWT Key Authentication Bypass (CVE-2023-33371)

Binary data controlididsecurecve-2023-33371.nbin...

9.8CVSS9.7AI score0.0085EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.12 views

PT-2023-7221 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.5.6 JumpServer versions prior to 3.6.5 Description: The issue is related to the Koko SSH server in JumpServer, an open source bastion host. When users enable MFA and use a public key for authentication, the Koko...

10CVSS9.4AI score0.00582EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2023/06/07 2:8 a.m.4 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS6.8AI score0.03931EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.5 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS6.8AI score0.03931EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.3 views

SUSE CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...

5CVSS8.2AI score0.02472EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS8.4AI score0.01677EPSS
Exploits0References3
Rows per page
Query Builder