Lucene search
K

98 matches found

Positive Technologies
Positive Technologies
added 2025/02/19 12:0 a.m.7 views

PT-2025-7536 · Cisco · Cisco Desk Phone 9800 Series +1

Name of the Vulnerable Software and Affected Versions: Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series affected versions not specified Description: A vulnerability in the debug shell of the affected devices could allow an authenticated, local attacker to access sensitive information on th...

4.6CVSS6.6AI score0.00146EPSS
Exploits0References6
OSV
OSV
added 2025/01/17 5:15 p.m.4 views

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

8.6CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/23 12:0 a.m.6 views

Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.1, which...

9.8CVSS6.5AI score0.00837EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.4 views

MOBATIME Network Master Clock 安全漏洞

MOBATIME Network Master Clock is a clock program from MOBATIME, Inc. It is used to build and run large-scale clock systems. A security vulnerability exists in MOBATIME Network Master Clock DTS 4801. An attacker exploiting this vulnerability could gain initial access via SSH using default...

9.8CVSS6.8AI score0.00432EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/10/18 12:0 a.m.5 views

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...

6.5CVSS7.2AI score0.01641EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/17 12:0 a.m.6 views

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...

10CVSS7.3AI score0.02223EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/24 4:15 p.m.21 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1 have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

8.8CVSS6.1AI score0.00608EPSS
Exploits0References3
OSV
OSV
added 2024/05/02 2:15 p.m.4 views

CVE-2024-34146

Jenkins Git server Plugin 114.v068ac7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories...

6.5CVSS6.5AI score
Exploits0References2
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.6 views

KDDI HGW BL1500HM 安全漏洞

The KDDI HGW BL1500HM is a home router from KDDI Japan. A security vulnerability exists in HGW BL1500HM 002.001.013 and earlier versions, which stems from a vulnerability that allows an attacker to connect to the product via SSH and using a shell...

6.5CVSS8.5AI score0.00357EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.8 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.8.0 and later versions, which...

8CVSS6.9AI score0.01616EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.7 views

PT-2024-20491 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.12.0 Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty...

8CVSS8.4AI score0.01616EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.5 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

9.1CVSS7.5AI score0.02275EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.3 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

9.1CVSS7.5AI score0.02632EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.8 views

PT-2023-9826

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.1 Description The issue is related to errors in handling symbolic links in the Gogs self-hosted Git service. A malicious user can commit and edit a crafted symlink file to a repository, allowing them to gain SSH...

9.9CVSS7.9AI score0.75197EPSS
Exploits5References74
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.5 views

The vulnerability of the microprogrammed software in Siemens SICAM CP-8031 and CP-8050 control modules allows a hacker to gain full control over the device.

The vulnerability of the microprogrammed software in Siemens SICAM CP-8031 and CP-8050 control modules is related to the presence of a rigidly programmed “authorizedkeys” identifier in the SSH configuration file. Exploiting this vulnerability allows a malicious actor to gain full control over the...

10CVSS7.1AI score0.00363EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/09/21 3:30 p.m.6 views

Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...

8.8CVSS5.5AI score0.00159EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/21 1:17 p.m.10 views

CVE-2023-43631 SSH as Root Unlockable Without Triggering Measured Boot

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

8.8CVSS7.2AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.4 views

PT-2023-4676 · Unknown · Mxsecurity

Name of the Vulnerable Software and Affected Versions: MXsecurity versions prior to v1.0.1 Description: The issue is related to the use of a hard-coded SSH host key in the MXsecurity platform, which may facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. This could put...

7.8CVSS6.9AI score0.00369EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.5 views

PT-2023-4084 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.5 Description: A vulnerability has been identified in the SIMATIC CN 4100, related to an incorrect default value in the SSH configuration. This issue could allow an attacker to bypass network isolation. Th...

10CVSS9.3AI score0.0036EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.6 views

PT-2023-2547 · Cisco · Cisco Staros

Name of the Vulnerable Software and Affected Versions: Cisco StarOS Software affected versions not specified Description: The issue arises from insufficient validation of user-supplied credentials in the key-based SSH authentication feature. This could allow a remote attacker to elevate privilege...

9CVSS8.7AI score0.00861EPSS
Exploits0References4
Rows per page
Query Builder