Lucene search
K

162 matches found

CNNVD
CNNVD
added 2020/12/14 12:0 a.m.6 views

Liftoff GateOne 输入验证错误漏洞

Liftoff GateOne is a terminal emulator and SSH client based on an HTML5 implementation. An arbitrary command execution vulnerability exists in Liftoff GateOne. A remote attacker can exploit this vulnerability to execute arbitrary commands via shell metacharacters in the port field when attempting...

9.8CVSS7.7AI score0.02652EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.7 views

GaussDB Kernel: Checking the OPRADMIN Permission

A role with the OPRADMIN permission can use Roach to perform backup and restoration. To avoid arbitrary database file backup, delete roles that do not require the OPRADMIN permission. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.8 views

GaussDB Kernel: Configuring the Maximum Number of Audit Log Files

The parameter auditfileremainthreshold specifies the maximum number of audit log files. When the total number of audit log files exceeds the specified value, the system writes the warning information to the database logs, deletes the earliest audit log files, and records the deletion to the audit...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.6 views

GaussDB Kernel: Limiting Connections to the Database

To control the number of sessions that access the database, the number of sessions connected to the database must be limited, preferably within 1024. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.7 views

GaussDB Kernel: Checking the Administrator Whose ID Is 10

The system administrator with the ID 10 has the highest database permissions, that is, has all system and object permissions. It is recommended that this user be used only for DBA management instead of service applications. Carefully check the operation records of this system administrator...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.11 views

openGauss: Configuring the Maximum Logging Duration of a Log File

The parameter logrotationage specifies the maximum logging duration of a log file. After the time expires, another log file is automatically created. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.3AI score
Exploits0References1
Prion
Prion
added 2020/10/16 9:15 p.m.22 views

Memory corruption

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash vmcore. Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of t...

7.8CVSS7.5AI score0.01062EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/16 8:31 p.m.26 views

CVE-2020-1683 Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash vmcore. Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of t...

7.5CVSS7.5AI score0.01062EPSS
Exploits0References1
Metasploit
Metasploit
added 2020/08/22 5:40 p.m.27 views

Cisco 7937G Denial-of-Service Attack

This module exploits a bug in how the conference station handles incoming SSH connections that provide an incompatible key exchange. By connecting with an incompatible key exchange, the device becomes nonresponsive until it is manually power cycled. Module Options msf use...

7AI score
Exploits0
NVD
NVD
added 2020/07/20 9:15 p.m.18 views

CVE-2020-3442

The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined...

5.7CVSS5.3AI score0.00153EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/04/24 12:30 p.m.38 views

Wotop - Web On Top Of Any Protocol

WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which let's you pass arbitrary traffic possibly after ...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/09 12:0 a.m.10 views

ZSQL: Password Grace Period

The password grace period is the days between password expiration warning and password expiration. In this grace period, users can change their passwords before password expiration, ensuring service continuity. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted fr...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/09 12:0 a.m.9 views

ZSQL: Number of Failed Login Attempts

The FAILEDLOGINATTEMPTS parameter specifies the maximum number of login attempts allowed before an account is locked. If the number of an account SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/09 12:0 a.m.11 views

ZSQL: Resource Limit of a Single User

Configure the resource limit to enable the maximum number of connections of a single user as defined in ADMPROFILES table. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/07 12:0 a.m.7 views

ZSQL: Check for users with DROP USER permission

Searches for users and roles with DROP USER permission and checks whether they are authorized to have it. A user with the DROP User permission can delete other users. If this permission is no longer necessary, revoke it. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/03/14 9:30 p.m.128 views

TEA - Ssh-Client Worm

A ssh-client worm made with tas framework. How it works? This is a fakessh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: display the "Last login" message when login. dd and stty...

8.3AI score
Exploits0References2
Cvelist
Cvelist
added 2019/11/26 3:11 a.m.27 views

CVE-2019-15288 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

8.8CVSS9AI score0.01746EPSS
Exploits0References1
Veeam
Veeam
added 2019/11/14 1:4 p.m.19 views

Backup jobs targeted at Linux backup repository fail after enabling FIPS 140-2 mode on repository server

Challenge After enabling FIPS mode on a Linux repository server, backup jobs fail; log review reveals that Veeam Backup & Replication is unable to make an SSH connection to the repository: 31.08.2019 00:00:00 Warning Failed to create SSH connection to host: '', port: 22, user: '', elevation to...

6.8AI score
Exploits0
Cisco
Cisco
added 2019/11/06 4:0 p.m.64 views

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

8.8CVSS2.2AI score0.01746EPSS
Exploits0References1
Prion
Prion
added 2019/10/23 1:15 p.m.15 views

Design/Logic Flaw

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4CVSS6.3AI score0.00836EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder