Lucene search
K

55 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.16 views

Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

5.9CVSS7.1AI score0.9378EPSS
Exploits4References2
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.16 views

CVE-2024-47857

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target host...

0.00439EPSS
Exploits0References2
NVD
NVD
added 2024/12/08 11:15 p.m.17 views

CVE-2024-55560

MailCleaner before 28d913e has default values of sshhostdsakey, sshhostrsakey, and sshhosted25519key that persist after installation...

9.8CVSS0.00573EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/26 12:0 a.m.43 views

Fortinet FortiWeb OpenSSH Terrapin attack (CVE-2023-48795) (FG-IR-23-490)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-490 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS7.1AI score0.9378EPSS
Exploits4References2
CVE
CVE
added 2024/08/26 10:32 p.m.62 views

CVE-2024-43798

CVE-2024-43798 affects Chisel, a fast TCP/UDP tunnel over HTTP secured via SSH. The vulnerability occurs because the server does not read the documented AUTH environment variable for credentials, allowing any unauthenticated user to connect even when credentials are set. This impacts deployments ...

8.6CVSS7AI score0.0045EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/08/20 9:57 a.m.1395 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 OpenSSH Vulnerability Mitigation Script Over...

9.3CVSS8.9AI score0.99506EPSS
Exploits68
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.29 views

Fedora 39 : putty (2024-cba85cc558)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cba85cc558 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.9CVSS7.8AI score0.05773EPSS
Exploits0References2
OSV
OSV
added 2024/01/08 7:1 p.m.8 views

MGASA-2024-0004 Updated dropbear package fixes a security vulnerability

Parts of the SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thus...

5.9CVSS6.6AI score0.9378EPSS
Exploits4References3
Veracode
Veracode
added 2023/12/19 6:46 a.m.69 views

Rogue Session Attack (Terrapin)

ssh is vulnerable to Terrapin attack. The vulnerability is due to mishandling of the handshake phase and sequence numbers in the SSH Binary Packet Protocol BPP with certain OpenSSH extensions. This allows an attacker to bypass integrity checks and omit packets during extension negotiation, and...

5.9CVSS6.5AI score0.9378EPSS
Exploits4References120Affected Software28
Malwarebytes
Malwarebytes
added 2021/11/24 11:25 a.m.47 views

Password usage analysis of brute force attacks on honeypot servers

As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2021/10/08 12:0 a.m.7 views

Fedora: Security Advisory for libssh (FEDORA-2021-f2a020a065)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.9AI score0.04683EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/07/16 12:0 a.m.12 views

Western Digital My Cloud Multiple Products 5.0 < 5.15.106 Unauthorized Access Vulnerability (WDC-21009)

Multiple Western Digital My Cloud products are prone to a vulnerability that could allow unauthorized access via SSH. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.3CVSS5.2AI score0.9986EPSS
Exploits1References2
Citrix
Citrix
added 2021/02/02 12:0 a.m.6 views

Hotfix XS82E015 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Feb02, 2021 To...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2020/05/07 12:0 a.m.6 views

Linux: SSH AllowTcpForwarding

SSH port forwarding is a mechanism in SSH for tunneling application ports from the client to the server, or servers to clients. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors in...

7.4AI score
Exploits0References3
EUVD
EUVD
added 2020/02/20 12:0 a.m.4 views

EUVD-2021-1059

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

7.5CVSS7.4AI score0.21052EPSS
Exploits6References36
Prion
Prion
added 2019/06/17 5:15 p.m.17 views

Hardcoded credentials

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...

10CVSS9.5AI score0.03261EPSS
Exploits1References3Affected Software3
0day.today
0day.today
added 2019/01/20 12:0 a.m.33828 views

OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit

Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...

6.8CVSS0.58204EPSS
Exploits10
Packet Storm
Packet Storm
added 2018/12/05 12:0 a.m.4665 views

OpenSSH User Enumeration

!/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass malicious function to malform packet...

5CVSS6.2AI score0.98631EPSS
Exploits23
n0where
n0where
added 2017/08/06 7:5 p.m.19 views

An ssh-agent for every domain: SSHecret

If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...

0.5AI score
Exploits0References1
Exploit DB
Exploit DB
added 2017/05/19 12:0 a.m.55 views

Tecnovision DLX Spot - SSH Backdoor Access

Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: All known versions...

10CVSS9.3AI score0.10081EPSS
Exploits13
Rows per page
Query Builder