Lucene search
K

90 matches found

Cvelist
Cvelist
added 2023/02/03 12:0 a.m.25 views

CVE-2023-25136

OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One...

7.1AI score0.89955EPSS
Exploits10References16
CVE
CVE
added 2023/02/03 12:0 a.m.940 views

CVE-2023-25136

OpenSSH sshd 9.1 contains a pre-authentication double-free in the handling of options.kex_algorithms, fixed in 9.2. Public reports note a remote, unauthenticated attacker could potentially jump to arbitrary addresses in sshd’s address space, with one third-party saying remote code execution is th...

6.5CVSS6.8AI score0.89955EPSS
Exploits10References16Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/01 12:0 a.m.3 views

PT-2023-32217 · Gnome +3 · Gnome-Control-Center +3

Name of the Vulnerable Software and Affected Versions: gnome-control-center affected versions not specified Description: The issue arises when the system is configured to use systemd socket activation for openssh-server, causing gnome-control-center to not properly reflect the SSH remote login...

4.9CVSS6.5AI score0.00207EPSS
Exploits1References14
Hacker One
Hacker One
added 2022/10/07 6:50 p.m.57 views

Nextcloud: A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software) on server (http://95.217.64.181:22

Summary: " hello " vulnerability: GSI-OPENSSH-SERVER 7.9P1 ON FEDORA /ETC/GSISSH/SSHDCONFIG CREDENTIALS MANAGEMENT Description of problem: A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora Connectivity Software on server http://95.217.64.181:22. This...

4.3CVSS0.3AI score0.01202EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/07/01 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-2039)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.5AI score0.12996EPSS
Exploits6References2
BDU FSTEC
BDU FSTEC
added 2021/06/29 12:0 a.m.4 views

The vulnerability of the authfile.c component of the sshd service in the OpenSSH encryption protection mechanism allows a hacker to gain unauthorized access to protected information.

The vulnerability of the authfile.c component of the sshd service in the OpenSSH encryption protection mechanism is related to key management errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.5CVSS6.6AI score0.01101EPSS
Exploits1References5Affected Software3
0day.today
0day.today
added 2020/04/17 12:0 a.m.83 views

Microsoft Windows Unquoted Service Path Privilege Escalation Exploit

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/16 12:0 a.m.139 views

Microsoft Windows Unquoted Service Path Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Unquoted Service Path Privilege Escalation', 'Description' = %q This module exploits a logic flaw due to h...

0.9AI score
Exploits0
Metasploit
Metasploit
added 2020/04/04 2:0 a.m.72 views

Windows Unquoted Service Path Privilege Escalation

This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...

7.1AI score
Exploits0
OSV
OSV
added 2019/02/08 11:29 a.m.3 views

CVE-2019-7639

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshdconfig file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file...

8.1CVSS7.3AI score0.01202EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/08 11:0 a.m.42 views

CVE-2019-7639

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshdconfig file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file...

7.9AI score0.01202EPSS
Exploits1References1
Fedora
Fedora
added 2019/01/22 1:35 a.m.54 views

[SECURITY] Fedora 28 Update: openssh-7.8p1-4.fc28

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

5.3CVSS2AI score0.03681EPSS
Exploits0
Kitploit
Kitploit
added 2018/10/30 12:43 p.m.46 views

Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/08/28 4:49 p.m.253 views

CVE-2018-15919

OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system. Mitigation If GSSAPI Authentication...

5.3CVSS3.2AI score0.03557EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2018/05/28 8:30 a.m.91 views

Researchers Defeat AMD's SEV Virtual Machine Encryption

German security researchers claim to have found a new practical attack against virtual machines VMs protected using AMD's Secure Encrypted Virtualization SEV technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization SEV technology...

6.7AI score
Exploits0
Fedora
Fedora
added 2016/10/03 3:51 a.m.11 views

[SECURITY] Fedora 24 Update: openssh-7.2p2-13.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.3 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The open-source Debian GNU/Linux operating system includes multiple vulnerabilities in the openssh-server-udeb package. Exploitation of these vulnerabilities may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited...

9.3CVSS6.8AI score0.44963EPSS
Exploits7References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the openssh-server package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

9.3CVSS6.8AI score0.44963EPSS
Exploits7References6Affected Software2
OpenVAS
OpenVAS
added 2016/05/04 12:0 a.m.517 views

Juniper Networks Junos OS OpenSSH Information Leak and Buffer Overflow Vulnerability

Junos OS is prone to an information leak and buffer overflow vulnerability in the OpenSSH client. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

8.1CVSS7.3AI score0.63468EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2016/03/10 12:0 a.m.32 views

OracleVM 2.2 : openssh (OVMSA-2016-0033)

The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 John Haxby %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory...

7.5CVSS6.6AI score0.1651EPSS
Exploits1References2
Rows per page
Query Builder