2248 matches found
CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...
CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...
PuTTY Data Forgery Vulnerability
PuTTY is a free suite of Telnet, Rlogin and SSH client software developed by Simon Tatham. The software is primarily used for remote administration of Linux systems. PuTTY is vulnerable to a data forgery issue that could be exploited by an attacker to cause a controlled SSH server to...
The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.
The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...
The vulnerability of the OpenSSH cryptographic protection implementation arises from a possible integer overflow, allowing an attacker to execute arbitrary code.
The vulnerability of the OpenSSH cryptographic protection implementation arises due to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2020-27362
An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges...
CVE-2021-31505
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mod...
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism allows a hacker to induce a service failure.
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2021-32496
SICK Visionary-S CX up to version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers makes it easier for an attacker to break the security that protects...
[SECURITY] Fedora 33 Update: openssh-8.4p1-7.fc33
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
Inadequate SSH configuration in SICK Visionary-S CX
SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...
CVE-2021-31585
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access...
Accellion Kiteworks Security Vulnerability
Accellion Kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
The vulnerability of SSH clients on operating systems such as iOS, iPadOS, macOS, tvOS, and watchOS allows attackers to compromise the integrity of protected information.
The vulnerability of SSH clients for operating systems such as iOS, iPadOS, macOS, tvOS, and watchOS is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to remotely compromise the integrity of protected information...
PT-2021-4019 · Putty +1 · Putty +1
Name of the Vulnerable Software and Affected Versions: PuTTY versions through 0.75 Description: The issue is related to insufficient authentication data verification in the implementation of the SSH protocol in PuTTY. This can allow a remote attacker to gain unauthorized access to protected...
Vulnerabilities fixed in Cisco ASR 5000 series
Cisco has fixed vulnerabilities in StarOS as used by ASR 5000-series devices. The vulnerabilities allow an authenticated remote malicious party to bypass further authentication and execute restricted commands without authentication. To do this, the malicious party must send rogue SSH...
CVE-2021-21527
Dell PowerScale OneFS 8.1.0-9.1.0 contains an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
The vulnerability of SSH-agent’s identification keys in the OpenSSH cryptographic protection mechanism allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of SSH-agent’s identification keys in the OpenSSH encryption method is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code...
Cohesity DataPlatform Trust Management Vulnerability
Cohesity DataPlatform is a suite of platforms from Cohesity for managing ancillary data and applications. The platform is primarily used for data backup, instant recovery, and more. A security vulnerability exists in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 throu...
CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...