2248 matches found
X.Org X Server resource management error vulnerability
X.Org X Server is an X Window System display server from the X.org Foundation. X.Org X Server suffers from a resource management error vulnerability that stems from the fact that the handler of its ScreenSaverSetAttributes request may write to memory after releasing the request potentially...
UBUNTU-CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X...
CVE-2022-46834
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
CVE-2022-27581
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
PT-2022-6083 · Siemens · Scalance Sc632-2C +8
Name of the Vulnerable Software and Affected Versions: SCALANCE SC622-2C versions prior to V3.0 SCALANCE SC626-2C versions prior to V3.0 SCALANCE SC632-2C versions prior to V3.0 SCALANCE SC636-2C versions prior to V3.0 SCALANCE SC642-2C versions prior to V3.0 SCALANCE SC646-2C versions prior to...
PT-2022-27991 · Sick · Sick Rfu63X
Name of the Vulnerable Software and Affected Versions: SICK RFU63x firmware versions prior to 2.21 Description: The issue is related to the use of a broken or risky cryptographic algorithm, allowing a low-privileged remote attacker to decrypt encrypted data if weak cipher suites are used for...
CVE-2022-4390
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...
The vulnerability of the luci-mod-system web interface of the LuCI configuration tool in the embedded operating system OpenWrt allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Luci-mod-system web interface configuration module in the embedded operating system OpenWrt is related to the lack of protection for the web page structure during the processing of SSH keys from the /etc/dropbear/authorizedkeys file. Exploiting this vulnerability allows a...
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU6xx RADIO FREQUEN. SENSOR
SICK received a report about a vulnerability in the SICK RFU6XX RADIO FREQUEN. SENSOR. The used SSH service allowed for weak cipher suites to be used in traffic encryption. If weak cipher suites are used for traffic encryption, an attacker could potentially decrypt the traffic, which would affect...
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...
PT-2022-24374 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 22.1 Description: An access control issue allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. Recommendations: For versions prior to 22.1, update to version 22.1...
The vulnerability of the SSH protocol implementation in Cisco Firepower Threat Defense’s microprogramming network interfaces and Cisco Firepower Management Center’s network management software allows an attacker to induce service failure.
The vulnerability of the SSH protocol implementation in Cisco Firepower Threat Defense’s microprogramming network interfaces and Cisco Firepower Management Center’s network management software is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a maliciou...
CVE-2019-18265
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in...
jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
CVE-2022-20854
A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper err...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
Cisco Firepower Management Center and Firepower Threat Defense resource management error vulnerability
Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) are both products of Cisco, Inc. Cisco Firepower Management Center is the next-generation firewall management center software. Cisco Firepower Threat Defense is a unified set of software that provides next-generation...
CVE-2022-30307
A key management error vulnerability (CWE-320) affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man-in-the-middle attack...
Fortinet FortiOS security vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A security vulnerabili...