Lucene search
+L

114 matches found

Rockylinux
Rockylinux
added 2022/09/20 11:38 a.m.18 views

openssh bug fix update

An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

1AI score
Exploits0
OSV
OSV
added 2022/05/05 5:15 p.m.4 views

CVE-2022-26340

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacke...

4.9CVSS5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.28 views

F5 Networks BIG-IP : BIG-IP and BIG-IQ SCP vulnerability (K38271531)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K38271531 advisory. An authenticated, high-privileged attacker with no bash accessmay be able to access...

4.9CVSS5.5AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2021/09/09 5:15 a.m.4 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1CVSS5.9AI score0.01581EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/09/09 5:0 a.m.11 views

CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1CVSS6.8AI score0.01581EPSS
Exploits0References1
CVE
CVE
added 2021/09/09 5:0 a.m.107 views

CVE-2021-34718

Cisco IOS XR Software contains an Arbitrary File Read/Write vulnerability in the SSH Server, exploitable by an authenticated, remote attacker via crafted SCP parameters during login. The issue stems from insufficient input validation of user-supplied arguments for the SCP file-transfer method, en...

8.5CVSS7.9AI score0.01581EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 5:0 a.m.26 views

CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1CVSS8.1AI score0.01581EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/09/08 4:0 p.m.2 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.5CVSS7.4AI score0.01581EPSS
Exploits0References2
Cisco
Cisco
added 2021/09/08 4:0 p.m.50 views

Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1CVSS8AI score0.01581EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/07/08 12:0 a.m.11 views

The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.

The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...

7.8CVSS7.3AI score0.02267EPSS
Exploits0References5Affected Software3
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.5 views

CommScope Ruckus IoT Controller 安全漏洞

The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A security vulnerability exists in the IoT Controller...

9.8CVSS7.8AI score0.13773EPSS
Exploits4References7
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.8 views

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

...

7.8CVSS7AI score0.12996EPSS
Exploits6
OSV
OSV
added 2020/07/24 2:15 p.m.7 views

DEBIAN-CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.4CVSS6.8AI score0.12996EPSS
Exploits6References1
Positive Technologies
Positive Technologies
added 2020/07/01 12:0 a.m.7 views

PT-2020-18804 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.6.1 through 11.6.5.2 BIG-IP versions 12.1.0 through 12.1.5.2 BIG-IP versions 13.1.0 through 13.1.3.3 Description: The issue arises from the BIG-IP system's failure to properly enforce access controls for the scp.blacklist...

8.1CVSS7.8AI score0.01185EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/03/18 12:0 a.m.6 views

The vulnerability of the File Store Service, a component of the Service Fabric application, allows a perpetrator to escalate their privileges.

The vulnerability of the File Store Service of the Service Fabric application is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to enhance their privileges by modifying the configuration file and connecting to SMB or SCP ports...

10CVSS7.8AI score0.02926EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/02 12:0 a.m.9 views

PT-2019-3616 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Copy SCP feature could allow an authenticated, remote attacker to cause a denial of service DoS condition. The issue is...

6.8CVSS5.7AI score0.01488EPSS
Exploits0References5
CNVD
CNVD
added 2019/06/12 12:0 a.m.6 views

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)

ipswitch WSFTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WSFTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WSFTP usernames and filenames via the SCP protocol...

5.3CVSS6.8AI score0.01991EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/12 12:0 a.m.6 views

ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24247)

ipswitch WSFTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WSFTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain pathnames on the host operating system via the SCP...

7.5CVSS6.8AI score0.04735EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.7 views

PT-2019-12655 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: Progress ipswitch WS FTP Server versions prior to 8.6.1 Description: A Directory Traversal issue was discovered in SSHServerAPI.dll. An attacker can supply a string using special patterns via the SCP protocol to disclose WS FTP usernames as...

5.3CVSS5.2AI score0.01991EPSS
Exploits0References2
Cisco
Cisco
added 2019/03/06 4:0 p.m.108 views

Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature

Cisco Nexus devices support an automatic provisioning or zero-touch deployment feature called PowerOn Auto Provisioning POAP. This feature assists in automating the initial deployment and configuration of Nexus switches. POAP is enabled by default and activates on devices that have no startup...

0.5AI score
Exploits0References1
Rows per page
Query Builder