2248 matches found

CNNVD
added 2023/07/11 12:0 a.m. · 4 views

Siemens SIMATIC CN 4100 security vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability previously existed in the Siemens SIMATIC CN 4100 version 2.5, which stemmed from affected devices containing incorrect default values in the SSH configuration. An attacker could exploit the...

CVSS 10 · AI score 6.7 · EPSS 0.0036
Exploits 0 · References 2

Positive Technologies
added 2023/07/11 12:0 a.m. · 2 views

PT-2023-4084 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.5
Description: A vulnerability has been identified in the SIMATIC CN 4100, related to an incorrect default value in the SSH configuration. This issue could allow an attacker to bypass network isolation. Th...

CVSS 10 · AI score 9.3 · EPSS 0.0036
Exploits 0 · References 5

OSV
added 2023/07/03 9:15 p.m. · 1 view

CVE-2023-36611

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 1

CNNVD
added 2023/07/03 12:0 a.m. · 2 views

Ovarro TBox RTUs authorization issue vulnerability

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. An authorization issue vulnerability exists in Ovarro TBox RTUs that stems from allowing a low-privileged user to access higher-privileged software security tokens, potentially allowing an attacker to...

CVSS 6.5 · AI score 6.5 · EPSS 0.00405
Exploits 0 · References 2

The Hacker News
added 2023/06/30 8:31 a.m. · 2 views

Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer P2P...

AI score 6.8
Exploits 0

ATTACKERKB
added 2023/06/29 8:15 p.m. · 3 views

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

CVSS 7.5 · AI score 7.2 · EPSS 0.00614
Exploits 1 · References 3

ATTACKERKB
added 2023/06/29 2:15 a.m. · 2 views

CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH...

CVSS 7.2 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 2

CNNVD
added 2023/06/29 12:0 a.m. · 4 views

Ucopia security vulnerability

Ucopia Express is a device used for Wifi management by the French company Ucopia. A security vulnerability exists in Ucopia versions prior to 6.0.13, which stems from an SSH server with insecure privileges...

CVSS 7.5 · AI score 7.3 · EPSS 0.00614
Exploits 1 · References 3

Positive Technologies
added 2023/06/29 12:0 a.m. · 3 views

PT-2023-25845 · Veritas · Veritas Netbackup Appliance

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Appliance versions prior to 4.1.0.1 MR3
Description: The issue allows an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH due to insecure permissions.
Recommendations:...

CVSS 7.2 · AI score 7.3 · EPSS 0.00517
Exploits 0 · References 3

BDU FSTEC
added 2023/06/26 12:0 a.m. · 3 views

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems allows an intruder to gain unauthorized access to the network.

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to the network by using port redirection requests...

CVSS 7.1 · AI score 7.2 · EPSS 0.00459
Exploits 0 · References 3 · Affected Software 10

Positive Technologies
added 2023/06/23 12:0 a.m. · 4 views

PT-2023-24778 · Unknown +1 · Glpi Agent +1

Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.5
Description: The issue affects the GLPI Agent, a generic management agent, when running the remoteinventory task against a Unix platform using the ssh command. An administrator user on the remote system can...

CVSS 7.6 · AI score 7.7 · EPSS 0.00662
Exploits 0 · References 11

CNNVD
added 2023/06/23 12:0 a.m. · 3 views

GLPI operating system command injection vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 7.6 · AI score 7.2 · EPSS 0.00662
Exploits 0 · References 3

CNNVD
added 2023/06/16 12:0 a.m. · 4 views

Nokia Airscale ASIKA Single RAN trust management issue vulnerability

Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B, which stems from a debugger that does not change the default SSH public/private key values specific to the network...

CVSS 7 · AI score 7 · EPSS 0.00787
Exploits 4 · References 6

CNNVD
added 2023/06/15 12:0 a.m. · 2 views

Bosch Video Management System security vulnerability

Bosch Video Management System is a video management system from Bosch, Germany. A security vulnerability exists in Bosch Video Management System, which stems from improper authorization of the SSH server, allowing an authenticated attacker to access resources on the internal network via port...

CVSS 7.7 · AI score 7.4 · EPSS 0.00459
Exploits 0 · References 2

The Hacker News
added 2023/05/31 3:44 p.m. · 5 views

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...

CVSS 10 · AI score 7.1 · EPSS 0.99997
Exploits 43

Microsoft CVE
added 2023/05/27 7:0 a.m. · 2 views

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.

...

CVSS 7.5 · AI score 6.9 · EPSS 0.02489
Exploits 1

OSV
added 2023/05/26 9:15 p.m. · 1 view

ALPINE-CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVSS 7.5 · AI score 6.8 · EPSS 0.02489
Exploits 1 · References 1

OSV
added 2023/05/26 9:15 p.m. · 3 views

AZL-26795 CVE-2023-28319 affecting package curl for versions less than 8.2.1-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVSS 7.5 · AI score 6.8 · EPSS 0.02489
Exploits 1 · References 1

CNNVD
added 2023/05/24 12:0 a.m. · 2 views

libssh authorization issue vulnerability

libssh is a C development package from the libssh organization for accessing SSH services that can perform remote commands, file transfers, and also provide a secure transport channel for remote programs. A security vulnerability exists in libssh that stems from not properly performing...

CVSS 6.5 · AI score 6.4 · EPSS 0.01061
Exploits 2 · References 32

Prion
added 2023/05/22 4:15 p.m. · 12 views

Remote code execution

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell SSH/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL cou...

CVSS 6.8 · AI score 9.3 · EPSS 0.01121
Exploits 0 · References 1 · Affected Software 1