13 matches found
EUVD-2021-22990
Malware in sbrugna...
EUVD-2022-40927
Malicious code in bioql PyPI...
BIT-MINIO-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2025-27414
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2025-27414
CVE-2025-27414 concerns MinIO SFTP authentication, where a bug in evaluating the trust of an SSH key used for LDAP-backed SFTP access can allow unauthorized data access. A MinIO server configured for SFTP with LDAP, and a user (or a group) whose LDAP entry lacks the sshPublicKey attribute, can ca...
Mobatek MobaXterm < 22.3 (CVE-2022-38337)
The version of Mobatek MobaXterm installed on the remote host is prior to 22.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-38337 advisory. - When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as...
CVE-2022-38337
When aborting an SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt, which can result in a Denial of Service (DoS) for the user if services like fail2ban are used...
Mageia: Security Advisory (MGASA-2022-0086)
The remote host is missing an update for the...
MGASA-2022-0086 Updated mc packages fix security vulnerability
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CVE-2021-36370...
Privilege Escalation
mc is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization of the fingerprint of the server when establishing an SFTP connection...
CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
PuTTY < 0.57 SFTP Remote Buffer Overflow