97 matches found
GHSA-8VQ4-8HFP-29XH Eugeny Tabby Sends Password Despite Host Key Verification Failure
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...
CVE-2024-48460
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...
CVE-2024-48460
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...
CVE-2024-40892 Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...
BIT-GITLAB-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
CVE-2022-3010
Summary: CVE-2022-3010 affects Priva TopControl Suite versions prior to 8.7.8.0, where an SSH credential deciphering vulnerability exists due to insecure password hashing (CWE-916). This could allow an attacker to calculate and use login credentials to access the affected components remotely. Aff...
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware,...
New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
Internet-facing Linux systems and Internet of Things IoT devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal...
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...
CVE-2023-27486
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
Design/Logic Flaw
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
xCAT 安全漏洞
xCAT is a toolset that provides complete management for HPC clusters, render farms, grids, web farms, online gaming infrastructures, clouds, and data centers. A security vulnerability exists in xCAT versions prior to 2.16.5, which stems from the fact that if a zone is configured for cluster...
SUSE CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...
[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities
R1 Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 08/24/2022 - 12:18 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...
GO-2022-0438 Exposure of sensitive information via log file in github.com/hashicorp/go-getter
The getter package can write SSH credentials to its logfile, exposing credentials to local users able to read the logfile...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
R1 Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 06/15/2022 - 12:36 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...