15 matches found

RedhatCVE
added 2026/01/09 9:28 a.m., 9 views

CVE-2023-45140

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

CVSS 4.8, AI score 6.8, EPSS 0.00387
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-22990

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.02216
Exploits: 1, References: 11

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-49452

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.1, EPSS 0.00387
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-40927

Malicious code in bioql PyPI...

CVSS 9.1, AI score 9, EPSS 0.00729
Exploits: 0, References: 2

OSV
added 2025/04/14 11:14 a.m., 9 views

BIT-MINIO-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

CVSS 8.2, AI score 7.9, EPSS 0.00512
Exploits: 0, References: 4

NVD
added 2025/02/28 9:15 p.m., 46 views

CVE-2025-27414

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

CVSS 8.2, EPSS 0.00512
Exploits: 0, References: 3

CVE
added 2025/02/28 9:6 p.m., 122 views

CVE-2025-27414

CVE-2025-27414 concerns MinIO SFTP authentication, where a bug in evaluating the trust of an SSH key used for LDAP-backed SFTP access can allow unauthorized data access. A MinIO server configured for SFTP with LDAP, and a user (or a group) whose LDAP entry lacks the sshPublicKey attribute, can ca...

CVSS 8.2, AI score 7.1, EPSS 0.00512
Exploits: 0, References: 3

Tenable Nessus
added 2024/03/15 12:0 a.m., 108 views

Mobatek MobaXterm < 22.3 (CVE-2022-38337)

The version of Mobatek MobaXterm installed on the remote host is prior to 22.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-38337 advisory. - When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as...

CVSS 9.1, AI score 7.2, EPSS 0.00729
Exploits: 0, References: 3

Cvelist
added 2022/12/05 12:0 a.m., 22 views

CVE-2022-38337

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used...

AI score 9.4, EPSS 0.00729
Exploits: 0, References: 2

OpenVAS
added 2022/03/07 12:0 a.m., 13 views

Mageia: Security Advisory (MGASA-2022-0086)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.6, EPSS 0.02216
Exploits: 1, References: 4

OSV
added 2022/03/06 10:40 a.m., 5 views

MGASA-2022-0086 Updated mc packages fix security vulnerability

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CVE-2021-36370...

CVSS 7.5, AI score 7.4, EPSS 0.02216
Exploits: 1, References: 3

Veracode
added 2021/09/05 1:45 a.m., 13 views

Privilege Escalation

mc is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of the fingerprint of the server when establishing an SFTP connection...

CVSS 7.5, AI score 2.7, EPSS 0.02216
Exploits: 1, References: 7, Affected Software: 1

ATTACKERKB
added 2021/08/30 7:15 p.m., 3 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

CVSS 7.5, AI score 5.4, EPSS 0.02216
Exploits: 1, References: 7

UbuntuCve
added 2021/08/30 7:15 p.m., 355 views

CVE-2021-36370

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...

CVSS 7.5, AI score 7.1, EPSS 0.02216
Exploits: 1, References: 7

Tenable Nessus
added 2005/02/22 12:0 a.m., 15 views

PuTTY < 0.57 SFTP Remote Buffer Overflow

Binary data 2637.prm...

CVSS 7.5, AI score 7.3, EPSS 0.04041
Exploits: 0, References: 1