
6 matches found

Github Security Blog
added 2024/08/14 9:18 p.m. | 21 views

Russh has an OOM Denial of Service due to allocation of untrusted amount

Summary: Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. Details: An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory...

CVSS 7.5 | AI score 7.8 | EPSS 0.00912
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2023/03/17 2:42 p.m. | 17 views

russh may use insecure Diffie-Hellman keys

Summary: Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details: Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...

CVSS 5.9 | AI score 6 | EPSS 0.00617
Exploits: 1 | References: 9 | Affected Software: 1
Microsoft Secure
added 2021/09/02 4:0 p.m. | 156 views

A deep-dive into the SolarWinds Serv-U SSH vulnerability

Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of Chin...

CVSS 10 | AI score 10 | EPSS 0.9116
Exploits: 2
Tenable Nessus
added 2016/04/04 12:0 a.m. | 2231 views

SSH Weak Algorithms Supported

Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(90317); script_version("1.4");...

AI score 5.5
Exploits: 0 | References: 1
Tenable Nessus
added 2015/03/26 12:0 a.m. | 43 views

Debian DLA-173-1 : putty security update

MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connection to be established in the event of a server weakness. 779488 CVE-2015-2157 Patrick Coleman...

CVSS 2.1 | AI score 5.3 | EPSS 0.00585
Exploits: 0 | References: 3
Debian
added 2015/03/15 6:12 p.m. | 27 views

[SECURITY] [DLA 173-1] putty security update

Package : putty Version : 0.60+2010-02-20-1+squeeze3 CVE ID : CVE-2015-2157 Debian Bug : 779488 MATTA-2015-002 Florent Daigniere discovered that PuTTY did not enforce an acceptable range for the Diffie-Hellman server value, as required by RFC 4253, potentially allowing an eavesdroppable connectio...

CVSS 2.1 | AI score 5.8 | EPSS 0.00585
Exploits: 0