CVE-2023-40371
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476...
PT-2023-4594 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3; VIOS version 3.1. Description: The issue is related to improper access controls in the OpenSSH implementation, which could allow a non-privileged local user to access files outside of those allowed. This could...
Amazon Linux AMI : openssh (ALAS-2023-1802)
The version of openssh installed on the remote host is prior to 7.4p1-22.80. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1802 advisory. The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code...
CVE-2023-37426
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...
Code injection
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...
CVE-2023-37426 Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...
CVE-2023-37426
CVE-2023-37426 concerns Aruba Networks EdgeConnect SD-WAN Orchestrator. The issue is that installations prior to the versions resolved in advisories used shared static SSH host keys across all instances, allowing an attacker to spoof the SSH host signature and masquerade as a legitimate Orchestra...
Advisory ROSA-SA-2023-2220
Software: curl 7.61.1; OS: ROSA Virtualization 2.1; packageevrstring: curl-7.61.1-30.rv3.2c.src.rpm; CVE-ID: CVE-2022-22576; BDU-ID: 2022-03036; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the OAUTH2 protocol implementation of the cURL command line utility is related to the reuse of a connection wi...
libssh2 Buffer Error Vulnerability
libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, as well as providing a secure transmission channel for remote programs. A security vulnerability exists in libssh2 version 1.10.0, which stems from a security flaw...
Important: openssh
Issue Overview: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system. The code in /usr/lib is not necessarily safe for loading into...
PT-2023-25954 · Riverbed · Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator versions prior to the versions resolved in this advisory. Description: The issue is related to shared static SSH host keys for all installations, which could allow an attacker to spoof the SSH host signature and...
Fedora 38 : python-yfinance (2023-2b0f2e4bc3)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2b0f2e4bc3 advisory. Update to 0.2.28. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
CVE-2023-39808
N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...
Hardcoded credentials
N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...
CVE-2023-39808
CVE-2023-39808 affects N.V.K. INTER iBSG v3.5. The vulnerability stems from a hardcoded root password, enabling an attacker to log in with root privileges over SSH. Public sources corroborate the issue and assign a high severity (CVSSv3.1: 9.8; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No exploitatio...
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware,...
OracleVM 3.4 : openssh (OVMSA-2023-0019)
The remote OracleVM system is missing necessary patches to address security updates: - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate user...