CVE-2020-10888

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during...

MikroTik routers resource management error vulnerability

MikroTik routers is a router product from the Latvian company MikroTik. A security vulnerability exists in the SSH daemon in MikroTik routers v6.44.3 and earlier versions. A remote attacker could exploit the vulnerability to cause new authorized connections to fail...

PT-2020-6923 · Mikrotik · Mikrotik Routeros

Name of the Vulnerable Software and Affected Versions: MikroTik Router versions 6.46.3 and earlier Description: The issue allows an attacker to cause a denial of service via misconfiguration in the SSH daemon, potentially leading to uncontrolled resource consumption. This can be exploited by a...

The vulnerability in the implementation of the Secure Shell protocol for the Windows operating system allows a perpetrator to increase their privileges.

The vulnerability of the SSH protocol implementation in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass (cisco-sa-20191120-iosxr-ssh-bypass)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the access-control logic of the NETCONF over Secure Shell SSH due to a missing check in the NETCONF over SSH access control list ACL. An unauthenticated, remote attacker can exploit this, by by...

DEBIAN-CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

Microsoft Windows and Windows Server Privilege Mobilization Vulnerability (CNVD-2020-10153)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A privilege extraction vulnerability exists in Microsoft Windows and Windows Server, which...

CVE-2020-0757

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...

Windows SSH Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to...

SaltStack Salt Command Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A command injection vulnerability exists in the salt-api NEST API ssh client enabled in SaltStack Salt 2019.2.0 and earlier. The...

The vulnerability of the WiFiRanger router’s microprogramming software, related to key management errors, allows a hacker to obtain access to the SSH key and gain root account access to the system.

The vulnerability of the WiFiRanger router’s microprogramming software is related to key management errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain access to the SSH key and gain control of the system with the root account...

CVE-2019-19141

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...

The vulnerability of Zyxel GS1900 series router microprogramming software lies in the fact that both users and administrators have identical access privileges when connecting via SSH. This allows a hacker to exploit this privilege to gain increased access.

The vulnerability of Zyxel GS1900 series router microprogramming software is related to the presence of identical access privileges when connecting via SSH for both users and administrators. Exploiting this vulnerability allows a malicious actor to enhance their privileged status remotely...

Cisco IOS Software Multiple DoS Vulnerabilities (cisco-sa-20180328-slogin)

According to its self-reported version, Cisco IOS Software is affected by two denial of service DoS vulnerabilities the Login Enhancements Login Block feature due to an attempt to free an area of memory that has not been previously allocated. An unauthenticated, remote attacker can trigger a relo...

Cisco IOS XE Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the access control logic of the Secure Shell SSH server due to a missing check in the SSH server. An authenticated, remote attacker can exploit this, by providing valid credentials to access a device i...

Cisco IOS Software Secure Shell Connection on VRF (cisco-sa-20190109-ios-ssh-vrf)

According to its self-reported version, Cisco IOS Software is affected by a vulnerability in the access control logic of the Secure Shell SSH server due to a missing check in the SSH server. An authenticated, remote attacker can exploit this, by providing valid credentials to access a device in...

CVE-2019-15998 Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell SSH of Cisco IOS XR Software may allow connections despite an access control list ACL that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...

CVE-2019-15998 Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell SSH of Cisco IOS XR Software may allow connections despite an access control list ACL that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...

The vulnerability of the implementation of the Secure Shell (SSH) protocol in Cisco Wireless LAN Controller (WLC), a microprogramming-based controller for wireless access, allows a hacker to induce a service failure.

The vulnerability of the implementation of the Secure Shell SSH network protocol in Cisco Wireless LAN Controller WLC software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...