
2297 matches found

Tenable Nessus
added 2020/04/30 12:0 a.m. · 27 views

F5 Networks BIG-IP : F5 secure shell vulnerability (K03585731)

A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. (CVE-2020-5873) Impact: An authenticated user with Resource Administrator role can...

CVSS 7.2 · AI score 7.1 · EPSS 0.01386
Exploits: 0 · References: 2
CNVD
added 2020/04/24 12:0 a.m. · 9 views

Ntop nDPI Input Validation Error Vulnerability

Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. An input validation error vulnerability exists in the SSH protocol parser in Ntop nDPI 3.2 Stable and prior versions, which can be exploited by attackers to execute code or perform network traffic analysis...

CVSS 9.8 · AI score 7.5 · EPSS 0.03302
Exploits: 1 · References: 1
OSV
added 2020/04/23 3:15 p.m. · 4 views

DEBIAN-CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

CVSS 9.8 · AI score 8.7 · EPSS 0.03302
Exploits: 1 · References: 1
CNVD
added 2020/04/22 12:0 a.m. · 2 views

Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25367)

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions, which stems from an empty password for the root account. The vulnerability can be exploited by an attacker to gain full remote access with the help of the...

CVSS 9.8 · AI score 7.3 · EPSS 0.02017
Exploits: 0 · References: 1
OSV
added 2020/04/21 1:15 p.m. · 3 views

CVE-2020-11965

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...

CVSS 9.8 · AI score 7.3 · EPSS 0.02017
Exploits: 0 · References: 4
VulnCheck KEV
added 2020/04/10 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVSS 5.7 · AI score 5.8 · EPSS 0.00233
Exploits: 0 · References: 1
OSV
added 2020/04/08 6:15 p.m. · 5 views

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, ...

CVSS 6.8 · AI score 6.8 · EPSS 0.00549
Exploits: 1 · References: 3
BDU FSTEC
added 2020/03/26 12:0 a.m. · 6 views

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik allows a hacker to cause a service failure.

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik routers is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by using system calls like connect and write...

CVSS 7.8 · AI score 7.2 · EPSS 0.02594
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2020/03/25 9:15 p.m. · 5 views

CVE-2020-10888

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during...

CVSS 9.8 · AI score 6.6 · EPSS 0.02457
Exploits: 0 · References: 1
CNVD
added 2020/03/24 12:0 a.m. · 3 views

MikroTik routers resource management error vulnerability

MikroTik routers is a router product from the Latvian company MikroTik. A security vulnerability exists in the SSH daemon in MikroTik routers v6.44.3 and earlier versions. A remote attacker could exploit the vulnerability to cause new authorized connections to fail...

CVSS 7.8 · AI score 6.8 · EPSS 0.02594
Exploits: 1
Positive Technologies
added 2020/03/18 12:0 a.m. · 7 views

PT-2020-6923 · Mikrotik · Mikrotik Routeros

Name of the Vulnerable Software and Affected Versions: MikroTik Router versions 6.46.3 and earlier. Description: The issue allows an attacker to cause a denial of service via misconfiguration in the SSH daemon, potentially leading to uncontrolled resource consumption. This can be exploited by a...

CVSS 7.8 · AI score 7.4 · EPSS 0.01341
Exploits: 1 · References: 8
BDU FSTEC
added 2020/03/10 12:0 a.m. · 4 views

The vulnerability in the implementation of the Secure Shell protocol for the Windows operating system allows a perpetrator to increase their privileges.

The vulnerability of the SSH protocol implementation in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

CVSS 7.8 · AI score 7.2 · EPSS 0.00914
Exploits: 0 · References: 3
Tenable Nessus
added 2020/03/02 12:0 a.m. · 37 views

Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...

CVSS 5.5 · AI score 6.4 · EPSS 0.01208
Exploits: 0 · References: 3
Tenable Nessus
added 2020/02/28 12:0 a.m. · 25 views

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass (cisco-sa-20191120-iosxr-ssh-bypass)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) due to a missing check in the NETCONF over SSH access control list (ACL). An unauthenticated, remote attacker can exploit this, by...

CVSS 5.3 · AI score 5.8 · EPSS 0.00727
Exploits: 0 · References: 3
OSV
added 2020/02/20 8:15 p.m. · 1 views

DEBIAN-CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

CVSS 7.5 · AI score 7.6 · EPSS 0.21052
Exploits: 6 · References: 1
CNVD
added 2020/02/12 12:0 a.m. · 2 views

Microsoft Windows and Windows Server Privilege Mobilization Vulnerability (CNVD-2020-10153)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A privilege extraction vulnerability exists in Microsoft Windows and Windows Server, which...

CVSS 7.8 · AI score 7.8 · EPSS 0.00914
Exploits: 0 · References: 1
OSV
added 2020/02/11 10:15 p.m. · 2 views

CVE-2020-0757

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...

CVSS 7.8 · AI score 7.2 · EPSS 0.00914
Exploits: 0 · References: 1
Microsoft CVE
added 2020/02/11 8:0 a.m. · 23 views

Windows SSH Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to...

CVSS 8.2 · AI score 4.2 · EPSS 0.00914
Exploits: 0
CNVD
added 2020/01/19 12:0 a.m. · 3 views

SaltStack Salt Command Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A command injection vulnerability exists in the salt-api NEST API ssh client enabled in SaltStack Salt 2019.2.0 and earlier. The...

CVSS 9.8 · AI score 9.8 · EPSS 0.15106
Exploits: 0 · References: 1
BDU FSTEC
added 2019/12/23 12:0 a.m. · 4 views

The vulnerability of the WiFiRanger router’s microprogramming software, related to key management errors, allows a hacker to obtain access to the SSH key and gain root account access to the system.

The vulnerability of the WiFiRanger router’s microprogramming software is related to key management errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain access to the SSH key and gain control of the system with the root account...

CVSS 8.8 · AI score 7.6 · EPSS 0.01853
Exploits: 3 · References: 4 · Affected Software: 1