Tabby security vulnerability
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client for Windows 10, macOS, and Linux from the individual developer Eugene. A security vulnerability exists in Tabby version 1.0.213, which stems from a vulnerability that allows a remote attacker to obtain sensitive...
Eaton X303 security vulnerability
The Eaton X303 is a programmable logic controller from Eaton Corporation USA. A security vulnerability exists in the Eaton X303 version 3.5.16 through 3.5.17 Build 712, which stems from a hard-coded root password in the firmware, and allows an attacker with network access to the XC-303 PLC to log...
The vulnerability of the SSH configuration function on the NSv Gen7 SonicOS Cloud cloud platform allows a hacker to elevate privileges to the root level and execute arbitrary code.
The vulnerability of the SSH configuration function on the NSv Gen7 SonicOS Cloud cloud platform is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate privileges to the root level and execute arbitrary code...
The vulnerability of the SSH configuration function on SonicOS operating systems allows a hacker to perform an SSRF attack.
The vulnerability of the SSH configuration function in SonicOS operating systems is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of Sophos Firewall’s network firewalls (formerly known as Sophos XG Firewall) allows attackers to gain unauthorized access to protected information.
The vulnerability of Sophos Firewall’s network interfaces formerly known as Sophos XG Firewall is related to the use of weak credentials. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information via SSH...
Gogs security vulnerability
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.1, which...
CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 20.0.3...
Sophos Firewall security vulnerability
Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in versions prior to Sophos Firewall 20.0 MR3 20.0.3. An attacker exploiting this vulnerability could access the firewall as a privileged system via SSH...
PT-2024-9753
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 20.0 MR3 20.0.3. Description: A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall. This issue could let an attacker gain unauthorized access to protected...
The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python programming language allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python lies in insufficient validation of data authenticity. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks remotely...
AZL-54290 CVE-2024-45337 affecting package packer for versions less than 1.9.5-5
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54330 CVE-2024-45337 affecting package packer for versions less than 1.9.5-4
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54315 CVE-2024-45337 affecting package podman 4.1.1-26
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54286 CVE-2024-45337 affecting package moby-compose for versions less than 2.17.3-9
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54384 CVE-2024-45337 affecting package gh for versions less than 2.62.0-3
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
DEBIAN-CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
MOBATIME Network Master Clock security vulnerability
MOBATIME Network Master Clock is a clock program from MOBATIME, Inc. It is used to build and run large-scale clock systems. A security vulnerability exists in MOBATIME Network Master Clock DTS 4801. An attacker exploiting this vulnerability could gain initial access via SSH using default...
The vulnerability of the SSH server of the microprogrammed network interface devices of Cisco Adaptive Security Appliance (ASA) allows an attacker to execute arbitrary commands on the basic operating system as the root user.
The vulnerability of the SSH server of the microprogrammed network interface devices in Cisco Adaptive Security Appliance ASA is related to insufficient validation of data entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the basic operating...
The vulnerability in the implementation of the SSH network protocol for the microprogramming-based software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows a hacker to execute arbitrary commands.
The vulnerability of the SSH network protocol implementation in the microprogramming-based software for industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...
PT-2024-9086 · Billion Electric · Billion Electric Routers
Name of the Vulnerable Software and Affected Versions: Billion Electric routers (affected versions not specified). Description: The issue concerns an OS Command Injection vulnerability in certain models of Billion Electric routers. This vulnerability allows remote attackers with administrator...