CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

320 matches found

AlpineLinux•added 2021/08/31 12:0 a.m.•30 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.9AI score0.04596EPSS

Exploits0

RedhatCVE•added 2021/08/26 1:32 p.m.•39 views

CVE-2021-3634

A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS1.7AI score0.04596EPSS

Exploits0References3

UbuntuCve•added 2021/08/26 12:0 a.m.•49 views

CVE-2021-3634

6.5CVSS6.5AI score0.04596EPSS

Exploits0References2

FreeBSD•added 2021/08/26 12:0 a.m.•32 views

libssh -- possible heap-buffer overflow vulnerability

libssh security advisories: The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...

6.5CVSS2.4AI score0.04596EPSS

Exploits0References2

The Hacker News•added 2021/07/14 3:41 a.m.•104 views

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution RCE exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitori...

10CVSS1.9AI score0.9116EPSS

Exploits2

Kitploit•added 2021/06/24 12:30 p.m.•259 views

Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...

7.4AI score

Exploits0References1

Packet Storm•added 2021/05/18 12:0 a.m.•156 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution

!/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/A ------------------------------------------------------------------------------ URXVT VULNERABILITY In rxvt-based terminals, ANSI...

7.4AI score

Exploits0

OpenVAS•added 2021/04/21 12:0 a.m.•6 views

Huawei Data Communication: VTY allows Telnet login, which is risky

VTY allows Telnet login, which is risky Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute ...

7.3AI score

Exploits0

AlmaLinux•added 2020/11/03 12:14 p.m.•40 views

Moderate: libssh security, bug fix, and enhancement update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. The following packages have been upgraded to a later upstream version: libssh 0.9.4. BZ1804797 Security Fixes: libssh: denial of service when handling AES-CTR or DES ciphers...

9.3CVSS1.4AI score0.03174EPSS

Exploits0References2

OSV•added 2020/04/23 3:15 p.m.•13 views

CVE-2020-11940

In nDPI through 3.2 Stable, an out-of-bounds read in concathashstring in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library...

7.5CVSS6.8AI score

Exploits0References2

NVD•added 2020/04/23 3:15 p.m.•11 views

CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

9.8CVSS9.9AI score0.03302EPSS

Exploits1References2

NVD•added 2020/04/23 3:15 p.m.•13 views

CVE-2020-11940

7.5CVSS7.4AI score0.01324EPSS

Exploits1References2

OSV•added 2020/04/23 3:15 p.m.•10 views

CVE-2020-11939

9.8CVSS7.9AI score

Exploits0References2

Prion•added 2020/04/23 3:15 p.m.•12 views

Design/Logic Flaw

5CVSS7.4AI score0.01324EPSS

Exploits1References2Affected Software1

UbuntuCve•added 2020/04/23 3:15 p.m.•19 views

CVE-2020-11939

9.8CVSS7.4AI score0.03302EPSS

Exploits1References3

Prion•added 2020/04/23 3:15 p.m.•11 views

Integer overflow

7.5CVSS9.8AI score0.03302EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/04/23 2:20 p.m.•13 views

CVE-2020-11940

7.4AI score0.01324EPSS

Exploits1References2

Cvelist•added 2020/04/23 2:18 p.m.•12 views

CVE-2020-11939

9.9AI score0.03302EPSS

Exploits1References2

CVE•added 2020/04/23 2:18 p.m.•51 views

CVE-2020-11939

CVE-2020-11939 affects nDPI (up to 3.2 Stable) where the SSH protocol dissector exposes multiple KEXINIT integer overflows. The underlying issue is a heap overflow in concat_hash_string in ssh.c, enabling an attacker to remotely influence heap layout and memory contents. The documented impact sta...

9.8CVSS9.8AI score0.03302EPSS

Exploits1References2Affected Software1

Debian CVE•added 2020/04/23 2:18 p.m.•18 views

CVE-2020-11939

9.8CVSS9.9AI score0.03302EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by