2248 matches found
PYSEC-2022-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
PT-2022-16703 · Zoho · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Key Manager Plus version 6.1.6 Description: An issue was discovered where a user with the level Operator can see all SSH servers and user information, even if no SSH server or user is associated with the operator...
CVE-2022-22899
Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service...
Core FTP Buffer Error Vulnerability
Core FTP is a file transfer server. Core FTP / SFTP Server v2 Build 725 suffers from a buffer error vulnerability that could allow an unauthenticated attacker to cause a denial of service (DoS) through the SSH service via a crafted packet...
PT-2022-15725 · Unknown · Core Ftp Server
Name of the Vulnerable Software and Affected Versions: Core FTP / SFTP Server version 2 Build 725 Description: The issue allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. Recommendations: For Core FTP / SFTP Server version 2 Build 725,...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
Vulnerability fixed in VMware NSX Edge
A vulnerability has been fixed in VMware NSX Edge. An authenticated malicious person with SSH access could potentially execute arbitrary commands on the underlying system with root privileges. Although this product is typically connected to a publicly accessible network, it is good practice to mak...
PT-2022-17138 · Jenkins · Jenkins Ftp Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SCP publisher Plugin versions 1.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. The...
Jenkins Plugin Permissions and Access Control Issue Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins SCP publisher Plugin 1.8 and earlier versions have an access control error vulnerability that stems from not...
CVE-2019-16864
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM...
Enterprise Distributed Technologies CompleteFTP Server Command Injection Vulnerability
Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP (SSH File Transfer Protocol) server from Enterprise Distributed Technologies, Australia. A security vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server versions prior to 12.1.4 that stems from...
CVE-2022-22722
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...
Mageia: Security Advisory (MGASA-2021-0372)
The remote host is missing an update for the...
PT-2022-15856 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier Description: The issue allows attackers with Item/Configure permission to discover the name of the Jenkins controller files due to a path traversal vulnerability. This occurs because t...
Stormshield Network Security Code Issue Vulnerability
Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield, France. Stormshield Network Security (SNS) suffers from a code issue vulnerability that stems from the first SSH password change not properly clearing the old password under certain update...
Denial of Service (DoS)
Overview: Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Denial of Service (DoS) by accepting an infinite amount of data for the peer's SSH version identifier. It is possible to be exploited via SSH transpor...
Home Assistant Security Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant Community Add-on: SSH & Web Terminal versions prior to 10.0.0. There is no information about this vulnerability at...
CVE-2021-43399
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device...
The vulnerability of the SSH control function for Cisco Access Points (APs) allows a hacker to elevate their privileges to the root level.
The vulnerability of the SSH control function for Cisco Access Points (APs) is related to improper checking of file operations in the SSH control interface. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...