2248 matches found
CVE-2023-39808
N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...
N.V.K.INTER iBSG Trust Management Issue Vulnerability
N.V.K.INTER iBSG NVK iBSG is a security appliance from N.V.K.INTER, Inc. A security vulnerability exists in N.V.K.INTER iBSG version v3.5, which stems from the presence of a hard-coded root password that allows an attacker to log in with root privileges via the SSH service...
PT-2023-27115 · N.V.K.Inter Co. · Ibsg
Name of the Vulnerable Software and Affected Versions: N.V.K.INTER CO., LTD. NVK iBSG version 3.5 Description: The issue is related to a hardcoded root password in the software, which allows attackers to login with root privileges via the SSH service. Recommendations: For version 3.5, consider...
CVE-2023-28481
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...
CVE-2023-40291
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name...
Tigergraph Security Breach
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability could use their own...
PT-2023-21751 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in Tigergraph Enterprise where there is unsecured write access to the SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public k...
CLSA-2023-1691576279 Fix CVE(s): CVE-2023-38408
SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...
PT-2023-4676 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity versions prior to v1.0.1 Description: The issue is related to the use of a hard-coded SSH host key in the MXsecurity platform, which may facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. This could put...
OESA-2023-1480 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. Security Fixes: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code ...
CVE-2023-38951
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...
Fedora: Security Advisory for openssh (FEDORA-2023-79a18e1725)
The remote host is missing an update for the...
Fedora: Security Advisory for openssh (FEDORA-2023-878e04f4ae)
The remote host is missing an update for the...
OpenSSH Code Issue Vulnerability
OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively blocking eavesdropping, connection...
GHSA-CF7P-GM2M-833M cryptography mishandles SSH certificates
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
ALPINE-CVE-2023-38325
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
PYSEC-2023-112
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...
PT-2023-4923 · Pypi +2 · Cryptography +2
Name of the Vulnerable Software and Affected Versions: cryptography package versions prior to 41.0.2 Description: The issue is related to errors in the certificate authentication procedure, which can be exploited by a remote attacker to perform a man-in-the-middle attack. The problem arises from...
MikroTik routers Resource Management Error Vulnerability
MikroTik routers are router products from the Latvian company MikroTik. A security vulnerability exists in MikroTik routers v6.46.3 and earlier versions that originates from a misconfiguration that allows an attacker to cause a denial of service via an SSH daemon...