New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute...

EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2022-2117)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-2097)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2022-1976)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...

CVE-2022-23719

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A...

CVE-2022-23719

PingID Windows Login prior to version 2.8 has an issue where it does not authenticate communication with a local Java service used to capture security key requests. This can allow an attacker who can execute code on the target machine to exploit and spoof the local Java service via multiple attac...

PT-2022-3284 · Ping Identity · Pingid Windows Login

Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.8 Description: The issue is related to errors in authentication of the connection with a local Java service used to capture security key requests. An attacker with the ability to execute code on the...

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

ALPINE-CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

DEBIAN-CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

OpenSSH 授权问题漏洞

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively blocking eavesdropping, connection...

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

PT-2022-10510

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9 Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirmi...

Huawei Emui and Magic UI Public Key Authentication Vulnerability

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic Ui. An attacker could exploit the vulnerabilities to compromise service confidentiality...

Webauthn-Framework 授权问题漏洞

Webauthn-Framework is an authentication mechanism. It is used by Web applications to create and use strong, proven, scoped, public-key based credentials for strong authentication of users. Webauthn-Framework suffers from a security vulnerability that allows an attacker in control of a user's syst...

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...

SUSE: Security Advisory (SUSE-SU-2019:1059-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:14031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenSSH < 4.7 Improper Authentication Vulnerabilities

OpenSSH is prone to multiple improper authentication vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

ssh-mitm is an intercepting mitm proxy server for security audits. Redirect/mirror Shell to anotherssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! - intercepting traffic to other hosts is now possible...