
97 matches found

OSV
added 2025/01/17 12:30 a.m. | 4 views

GHSA-8VQ4-8HFP-29XH Eugeny Tabby Sends Password Despite Host Key Verification Failure

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

8.7 CVSS | 4.5 AI score | 0.00346 EPSS
Exploits 0 | References 4

NVD
added 2025/01/16 10:15 p.m. | 27 views

CVE-2024-48460

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

4.3 CVSS | 0.00346 EPSS
Exploits 0 | References 1

Cvelist
added 2025/01/16 12:0 a.m. | 16 views

CVE-2024-48460

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

0.00346 EPSS
Exploits 0 | References 1

Cvelist
added 2024/08/12 6:32 p.m. | 19 views

CVE-2024-40892 Firewalla BTLE Weak Credentials

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the...

7.1 CVSS | 0.00922 EPSS
Exploits 1 | References 2

OSV
added 2024/03/06 11:16 a.m. | 29 views

BIT-GITLAB-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5 CVSS | 7.2 AI score | 0.0083 EPSS
Exploits 0 | References 3

CVE
added 2024/01/02 6:32 p.m. | 44 views

CVE-2022-3010

Summary: CVE-2022-3010 affects Priva TopControl Suite versions prior to 8.7.8.0, where an SSH credential deciphering vulnerability exists due to insecure password hashing (CWE-916). This could allow an attacker to calculate and use login credentials to access the affected components remotely. Aff...

7.5 CVSS | 7.5 AI score | 0.00487 EPSS
Exploits 0 | References 3 | Affected Software 1

The Hacker News
added 2023/08/17 2:26 p.m. | 120 views

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware,...

10 CVSS | 8.1 AI score | 0.99731 EPSS
Exploits 181

The Hacker News
added 2023/06/23 7:30 a.m. | 58 views

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal...

9.8 CVSS | 9.9 AI score | 0.69663 EPSS
Exploits 1

The Hacker News
added 2023/03/21 11:41 a.m. | 80 views

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...

7 AI score
Exploits 0

NVD
added 2023/03/08 7:15 p.m. | 9 views

CVE-2023-27486

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...

8.8 CVSS | 8 AI score | 0.00853 EPSS
Exploits 1 | References 4

Prion
added 2023/03/08 7:15 p.m. | 19 views

Design/Logic Flaw

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...

6.5 CVSS | 8.4 AI score | 0.00853 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2023/03/08 6:53 p.m. | 17 views

CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...

8.1 CVSS | 8.2 AI score | 0.00853 EPSS
Exploits 1 | References 6

CNNVD
added 2023/03/08 12:0 a.m. | 3 views

xCAT Security Vulnerability

xCAT is a toolset that provides complete management for HPC clusters, render farms, grids, web farms, online gaming infrastructures, clouds, and data centers. A security vulnerability exists in xCAT versions prior to 2.16.5, which stems from the fact that if a zone is configured for cluster...

8.8 CVSS | 7.9 AI score | 0.00853 EPSS
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 5:20 a.m. | 5 views

SUSE CVE-2015-2907

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

9 CVSS | 6.9 AI score | 0.02563 EPSS
Exploits 0 | References 2

Tenable Product Security Advisories
added 2022/08/24 4:18 p.m. | 24 views

[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 08/24/2022 - 12:18 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

9 CVSS | 1.7 AI score | 0.01247 EPSS
Exploits 0

OSV
added 2022/07/01 8:7 p.m. | 23 views

GO-2022-0438 Exposure of sensitive information via log file in github.com/hashicorp/go-getter

The getter package can write SSH credentials to its logfile, exposing credentials to local users able to read the logfile...

5.5 CVSS | 5.5 AI score | 0.00403 EPSS
Exploits 0 | References 3

NVD
added 2022/06/21 3:15 p.m. | 21 views

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

6.5 CVSS | 0.00699 EPSS
Exploits 0 | References 1

Prion
added 2022/06/21 3:15 p.m. | 11 views

Command injection

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

4 CVSS | 6.3 AI score | 0.00699 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/06/21 2:23 p.m. | 29 views

CVE-2022-32974

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...

7.5 AI score | 0.00699 EPSS
Exploits 0 | References 1

Tenable Product Security Advisories
added 2022/06/15 4:36 p.m. | 35 views

[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 06/15/2022 - 12:36 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

9 CVSS | 1.7 AI score | 0.01247 EPSS
Exploits 0