Lucene search
K

55 matches found

CVE
CVE
added 2026/07/09 6:26 a.m.15 views

CVE-2026-47831

The vulnerability affects bosh-windows-stemcell-builder. The GenerateRandomPassword function uses a cryptographically weak RNG, enabling a remote attacker to brute-force SSH logins over TCP/22. Affected versions are prior to v2019.98. Mitigation: upgrade to v2019.98 or later. CVSS metrics indicat...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:16 p.m.3 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:41 p.m.16 views

Malicious code in websocket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c15c40b8371646f167ffa7d5a2ba2c8d0fd454ef7054eeb41807a1a3eda8e7a6 On npm install, this package runs node test.js via scripts.postinstall, which executes the logic in index.js. The postinstall behavior performs three...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 3:57 p.m.13 views

Malicious code in hey-base32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5bbdc771de9f99f6454831cc2cd8c22f0af88dfeb3ec66a6c4d3b174c860517 The package advertises itself as a zero-dependency base32 encoder/decoder, but its CLI entry point bin/hey-base32.js starts a remote-access tunnel on...

5.6AI score
Exploits0References6
OSV
OSV
added 2026/06/09 3:57 p.m.13 views

MAL-2026-5398 Malicious code in hey-base32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5bbdc771de9f99f6454831cc2cd8c22f0af88dfeb3ec66a6c4d3b174c860517 The package advertises itself as a zero-dependency base32 encoder/decoder, but its CLI entry point bin/hey-base32.js starts a remote-access tunnel on...

5.6AI score
Exploits0References6
NVD
NVD
added 2026/03/04 8:16 a.m.8 views

CVE-2026-28777

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

9.8CVSS0.00486EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.7 views

CVE-2026-23647

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded...

9.8CVSS5.8AI score0.00579EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-4112

Malware in sbrugna...

4.3CVSS6AI score0.01834EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-8100

Malware in sbrugna...

8CVSS7.8AI score0.00815EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2017-3670

Malware in sbrugna...

8CVSS7.2AI score0.00973EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-4111

Malware in sbrugna...

6.8CVSS6AI score0.02484EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/23 6:35 a.m.10 views

CVE-2024-28813

An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface...

8.4CVSS7AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 7:16 p.m.13 views

CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

4.9CVSS0.00207EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.22 views

Security Update for Microsoft Visual Studio Code Remote SSH Extension (November 2024)

The Microsoft Visual Studio Code Remote SSH Extension is prior to version 0.115.1. It is, therefore, affected by an undisclosed elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

7.1CVSS7.2AI score0.00426EPSS
Exploits0References2
Zero Science Lab
Zero Science Lab
added 2024/10/30 12:0 a.m.262 views

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Remote SSH Service Control

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerabl...

5.8AI score
Exploits0
0day.today
0day.today
added 2024/10/30 12:0 a.m.131 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2024/09/30 12:0 a.m.17 views

CVE-2024-28813

An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface...

0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/30 12:0 a.m.14 views

CVE-2024-28813

An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface...

7.2AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.3 views

CVE-2023-24022

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

9.8CVSS7.3AI score0.01557EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.5 views

PT-2023-19365 · Baicells · Baicells Nova 233 +2

Name of the Vulnerable Software and Affected Versions: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 Description: The issue concerns hardcoded credentials in the firmware of the affected devices. These credentials are easily discoverable a...

10CVSS9.2AI score0.01557EPSS
Exploits0References5
Rows per page
Query Builder