Lucene search
K

151 matches found

Cvelist
Cvelist
added 2021/02/01 1:39 a.m.15 views

CVE-2020-15833

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...

9.4AI score0.01648EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/01/02 5:51 p.m.32 views

CVE-2013-3619

Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before SMTX9317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the 1 Lighttpd web server SSL interface and the 2 Dropbear S...

8.1AI score0.09688EPSS
Exploits2References5
OSV
OSV
added 2018/10/08 3:29 p.m.6 views

CVE-2018-5399

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...

9.8CVSS7.3AI score0.02095EPSS
Exploits0References2
Prion
Prion
added 2018/10/08 3:29 p.m.27 views

Hardcoded credentials

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...

10CVSS9.7AI score0.02095EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.6 views

The vulnerability of the SSH Dropbear session management software lies in insufficient input data validation, allowing an attacker to execute arbitrary code.

The vulnerability of the SSH Dropbear session management software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the percent symbol “%” as a format specifier in arguments for “username” or “host”...

10CVSS8.2AI score0.10494EPSS
Exploits0References7Affected Software1
OpenVAS
OpenVAS
added 2017/06/06 12:0 a.m.96 views

Dropbear Symlink Local File Read Vulnerability (CVE-2017-9079)

Dropbear is prone to a local file read vulnerability via symlinks. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.7CVSS4.6AI score0.00297EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/28 12:0 a.m.16 views

Dropbear SSH < 2015.68.0 DoS

Binary data 700026.prm...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/28 12:0 a.m.34 views

Dropbear SSH Remote < 0.43.0 Privilege Escalation

Binary data 700025.prm...

7.5CVSS7AI score0.03028EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/28 12:0 a.m.34 views

Dropbear SSH < 2016.72.0 Command Injection

Binary data 700027.prm...

6.4CVSS7.3AI score0.19302EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2017/03/28 12:0 a.m.13 views

Dropbear SSH Server Detection

Binary data 700029.prm...

7.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2017/03/03 4:59 p.m.42 views

CVE-2016-7407

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...

10CVSS7.5AI score0.05542EPSS
Exploits0References3
NVD
NVD
added 2017/03/03 4:59 p.m.24 views

CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...

10CVSS9.7AI score0.10494EPSS
Exploits0References6
Prion
Prion
added 2017/03/03 4:59 p.m.25 views

Format string

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...

10CVSS8.1AI score0.10494EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2017/03/03 4:59 p.m.52 views

CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...

10CVSS7.5AI score0.10494EPSS
Exploits0References3
OSV
OSV
added 2017/03/03 4:59 p.m.11 views

CVE-2016-7406

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...

9.8CVSS9.7AI score0.10494EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/03/03 4:59 p.m.41 views

CVE-2016-7408

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...

8.8CVSS7.4AI score0.03967EPSS
Exploits0References3
Prion
Prion
added 2017/03/03 4:59 p.m.28 views

Code injection

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...

6.5CVSS8AI score0.03967EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/03/03 4:59 p.m.17 views

CVE-2016-7409

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...

5.5CVSS5.2AI score0.00452EPSS
Exploits0References5
OSV
OSV
added 2017/03/03 4:59 p.m.8 views

CVE-2016-7409

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...

5.5CVSS6.4AI score
Exploits0References5
Prion
Prion
added 2017/03/03 4:59 p.m.16 views

Design/Logic Flaw

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...

2.1CVSS6.6AI score0.00452EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder