Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.1, which...

CVE-2024-12728

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 20.0.3...

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python programming language allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python lies in insufficient validation of data authenticity. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks remotely...

Sophos Firewall 安全漏洞

Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in versions prior to Sophos Firewall 20.0 MR3 20.0.3. An attacker exploiting this vulnerability could access the firewall as a privileged system via SSH...

PT-2024-9753

Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 20.0 MR3 20.0.3 Description A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall. This issue could let an attacker gain unauthorized access to protected...

AZL-54315 CVE-2024-45337 affecting package podman 4.1.1-26

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-54384 CVE-2024-45337 affecting package gh for versions less than 2.62.0-3

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-54286 CVE-2024-45337 affecting package moby-compose for versions less than 2.17.3-9

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-54330 CVE-2024-45337 affecting package packer for versions less than 1.9.5-4

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

AZL-54290 CVE-2024-45337 affecting package packer for versions less than 1.9.5-5

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

DEBIAN-CVE-2024-45337

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

MOBATIME Network Master Clock 安全漏洞

MOBATIME Network Master Clock is a clock program from MOBATIME, Inc. It is used to build and run large-scale clock systems. A security vulnerability exists in MOBATIME Network Master Clock DTS 4801. An attacker exploiting this vulnerability could gain initial access via SSH using default...

The vulnerability of the SSH server of the microprogrammed network interface devices of Cisco Adaptive Security Appliance (ASA) allows a attacker to execute arbitrary commands on the basic operating system as the root user.

The vulnerability of the SSH server of the microprogrammed network interface devices in Cisco Adaptive Security Appliance ASA is related to insufficient validation of data entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the basic operating...

The vulnerability in the implementation of the SSH network protocol for the microprogramming-based software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows a hacker to execute arbitrary commands.

The vulnerability of the SSH network protocol implementation in the microprogramming-based software for industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...

PT-2024-9086 · Billion Electric · Billion Electric Routers

Name of the Vulnerable Software and Affected Versions: Billion Electric routers affected versions not specified Description: The issue concerns an OS Command Injection vulnerability in certain models of Billion Electric routers. This vulnerability allows remote attackers with administrator...

The vulnerability of RUCKUS Wireless Access Points (Ruckus AP) lies in insufficient verification of input data, allowing attackers to execute arbitrary codes.

The vulnerability of RUCKUS Wireless Access Points involves insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via the SSH interface...

SUSE CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of SSH and Telnet protocols implemented by the microprogramming software of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of SSH and Telnet protocols implemented by the microprogramming software of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the SSH and Telnet protocols implemented by the D-Link DSL6740C modem’s microprogramming system exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...