Lucene search
+L

294 matches found

CNNVD
CNNVD
added 2024/12/25 12:0 a.m.6 views

Apache MINA 安全漏洞

Apache MINA is a web application framework from the Apache USA Foundation. It is primarily used for developing high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.X, 2.1.X, and 2.2.X. The vulnerability stems from a lack of necessary...

10CVSS7.7AI score0.23932EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/24 12:0 a.m.6 views

PT-2024-9987

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.X through 2.2.X Description The ObjectSerializationDecoder in Apache MINA lacks necessary security checks when processing incoming serialized data using Java’s native deserialization protocol. This allows attackers to...

10CVSS8.2AI score0.23932EPSS
Exploits1References373
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 1:36 p.m.25 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)

Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...

5CVSS5.9AI score0.01311EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2024/08/16 1:11 a.m.21 views

CVE-2024-41909

A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security...

5.9CVSS5.8AI score0.00581EPSS
Exploits0References5
CNVD
CNVD
added 2024/08/14 12:0 a.m.21 views

Apache MINA SSHD Security Bypass Vulnerability

Apache MINA SSHD is a pure Java library from the U.S. Apache Apache Foundation that supports both client-side and server-side SSH protocols. A security bypass vulnerability exists in Apache MINA SSHD versions prior to 2.12.0, which can be exploited by an attacker to drop certain packets from a...

5.9CVSS6.6AI score0.00581EPSS
Exploits0References1
OSV
OSV
added 2024/08/12 6:30 p.m.35 views

GHSA-2326-HX7G-3M9R Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

8.2CVSS6.6AI score0.00581EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/08/12 6:30 p.m.73 views

Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS6AI score0.00581EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2024/08/12 4:15 p.m.71 views

CVE-2024-41909

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS0.00581EPSS
Exploits0References3
CVE
CVE
added 2024/08/12 4:0 p.m.140 views

CVE-2024-41909

CVE-2024-41909 references a Terrapin-like downgrade risk in SSH streams similar to CVE-2023-48795, where an attacker intercepting traffic could cause packet drops that lead to downgraded or disabled security features on both client and server ends. Technical details in the connected documents sho...

5.9CVSS6.8AI score0.00581EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/12 4:0 p.m.59 views

CVE-2024-41909 Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

7.2AI score0.00581EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/08/12 4:0 p.m.12 views

CVE-2024-41909

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS6.8AI score0.00581EPSS
Exploits0
Cvelist
Cvelist
added 2024/08/12 4:0 p.m.61 views

CVE-2024-41909 Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

0.00581EPSS
Exploits0References2
OSV
OSV
added 2024/08/12 4:0 p.m.25 views

CVE-2024-41909 Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS6.8AI score0.00581EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.5 views

PT-2024-29627 · Apache · Apache Mina Sshd

Name of the Vulnerable Software and Affected Versions: Apache MINA SSHD versions prior to 2.12.0 Description: The issue, also known as a Terrapin attack, allows an attacker who can intercept traffic between the client and server to drop certain packets, potentially downgrading or disabling some...

8.2CVSS8.1AI score0.00581EPSS
Exploits0References17
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.7 views

Apache MINA SSHD 安全漏洞

Apache MINA SSHD is a pure Java library from the U.S. Apache Apache Foundation that supports both client-side and server-side SSH protocols. A security bypass vulnerability exists in Apache MINA SSHD versions prior to 2.12.0, which can be exploited by an attacker to drop certain packets from a...

5.9CVSS6.8AI score0.00581EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.30 views

CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

5.9CVSS7.1AI score0.93305EPSS
Exploits4References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 10:33 p.m.28 views

Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)

Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability XSS in JupyterHub and remote code execution RCE vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service DOS vulnerability and an Information...

8.8CVSS9AI score0.23618EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/30 12:0 a.m.42 views

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

5.9CVSS7.1AI score0.93305EPSS
Exploits4References2
Broadcom
Broadcom
added 2024/05/23 12:0 a.m.15 views

Deserialization of Untrusted Data affecting org.apache.sshd:sshd-common package (CVE-2022-45047)

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS6.4AI score0.03571EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/05/15 12:0 a.m.44 views

EulerOS Virtualization 2.11.0 : python-paramiko (EulerOS-SA-2024-1635)

According to the versions of the python-paramiko package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS7.1AI score0.93305EPSS
Exploits4References2
Rows per page
Query Builder