Lucene search
+L

100 matches found

Prion
Prion
added 2022/06/21 3:15 p.m.12 views

Command injection

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

4CVSS6.3AI score0.00704EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/21 2:23 p.m.32 views

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

7.5AI score0.00704EPSS
Exploits0References1
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2022/06/15 4:36 p.m.36 views

[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 06/15/2022 - 12:36 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

9CVSS1.7AI score0.01255EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/04/29 12:46 p.m.50 views

CVE-2022-29810

A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover...

5.5CVSS3.3AI score0.00403EPSS
Exploits0References4
Veracode
Veracode
added 2022/04/28 4:21 a.m.29 views

Information Disclosure

github.com/hashicorp/go-getter is vulnerable to information disclosure. The vulnerability exists in the RedactURL function of url.go, allowing an attacker to read or write SSH credentials through the log file...

5.5CVSS2.6AI score0.00403EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/28 12:0 a.m.42 views

GHSA-27RQ-4943-QCWP Insertion of Sensitive Information into Log File in Hashicorp go-getter

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...

5.5CVSS5.4AI score0.00403EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/04/28 12:0 a.m.32 views

Insertion of Sensitive Information into Log File in Hashicorp go-getter

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...

5.5CVSS5.7AI score0.00403EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/27 9:9 p.m.156 views

Exposure of SSH credentials in Rancher/Fleet

Impact This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...

5.5CVSS0.2AI score0.00403EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/27 12:0 a.m.6 views

PT-2022-19843 · Hashicorp · Go-Getter

Name of the Vulnerable Software and Affected Versions: Hashicorp go-getter library versions prior to 1.5.11 Description: The issue concerns the Hashicorp go-getter library, where SSH credentials could be written into its logfile. This exposes sensitive credentials to local users who have the...

5.5CVSS6.5AI score0.00403EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/03/28 7:15 p.m.6 views

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5CVSS5.4AI score0.0083EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/03/28 7:15 p.m.19 views

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5CVSS0.0083EPSS
Exploits0References2
OSV
OSV
added 2022/03/28 7:15 p.m.3 views

UBUNTU-CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5CVSS5.7AI score0.0083EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/28 6:53 p.m.38 views

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

4.2CVSS7.6AI score0.0083EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/02/25 12:0 a.m.55 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potentially misleading to users Environment variables can be leaked via the sendmail delivery method...

10CVSS3.8AI score0.80004EPSS
Exploits6References1
CNVD
CNVD
added 2021/11/13 12:0 a.m.28 views

Airangel Hsmx Gateway Credential Disclosure Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK. Used to manage authentication and billing in the network, a credential disclosure vulnerability exists in versions prior to Airangel Hsmx Gateway 5.2.04, which stems from the presence of weak SSH credentials in Airangel HSMX Gateway devices. A...

9.8CVSS1.7AI score0.01145EPSS
Exploits1References1
NVD
NVD
added 2021/11/10 5:15 p.m.13 views

CVE-2021-40520

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials...

9.8CVSS0.01145EPSS
Exploits1References2
CVE
CVE
added 2021/11/10 4:6 p.m.50 views

CVE-2021-40520

Airangel HSMX Gateway devices up to version 5.2.04 are affected by a credential disclosure vulnerability due to weak SSH credentials. Exploitation could allow an attacker to obtain SSH credentials and take control of the device. Publicly provided details confirm affected product/version and impac...

9.8CVSS9.5AI score0.01145EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2020/11/16 12:0 a.m.31 views

Cisco 7937G - DoS/Privilege Escalation Exploit

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/08/11 12:0 a.m.324 views

Cisco 7937G All-In-One Exploiter Exploit

This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...

9.8CVSS7.9AI score0.7977EPSS
Exploits8
ThreatPost
ThreatPost
added 2020/05/05 3:55 p.m.36 views

GoDaddy Hack Breaches Hosting Account Credentials

UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...

0.9AI score
Exploits0References9
Rows per page
Query Builder