
14863 matches found

Cvelist
added 2023/08/21 12:0 a.m. | 20 views

CVE-2023-39808

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...

AI score: 9.8 | EPSS: 0.00535
Exploits: 0 | References: 2

CVE
added 2023/08/21 12:0 a.m. | 42 views

CVE-2023-39808

CVE-2023-39808 affects N.V.K. INTER iBSG v3.5. The vulnerability stems from a hardcoded root password, enabling an attacker to log in with root privileges over SSH. Public sources corroborate the issue and assign a high severity (CVSSv3.1: 9.8; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No exploitatio...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00535
Exploits: 0 | References: 2 | Affected Software: 1

The Hacker News
added 2023/08/17 2:26 p.m. | 120 views

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware,...

CVSS: 10 | AI score: 8.1 | EPSS: 0.99731
Exploits: 181

Tenable Nessus
added 2023/08/17 12:0 a.m. | 42 views

OracleVM 3.4 : openssh (OVMSA-2023-0019)

The remote OracleVM system is missing necessary patches to address security updates: - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate user...

CVSS: 9.8 | AI score: 8 | EPSS: 0.88944
Exploits: 25 | References: 5

OpenVAS
added 2023/08/16 12:0 a.m. | 115 views

Sashimi Detection (SSH Banner)

SSH banner-based detection of Sashimi. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.126489");...

AI score: 7.1
Exploits: 0 | References: 1

RedHat Linux
added 2023/08/15 5:37 p.m. | 4 views

curl: use after free in SSH sha256 fingerprint check

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02489
Exploits: 1 | References: 5

Tenable Nessus
added 2023/08/15 12:0 a.m. | 35 views

Oracle Linux 7 : openssh (ELSA-2023-12711)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12711 advisory. 7.4p1-23.0.1fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug:...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.76768
Exploits: 10 | References: 2

Tenable Nessus
added 2023/08/15 12:0 a.m. | 88 views

Oracle Linux 6 : openssh (ELSA-2023-4428)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4428 advisory. - Fix for CVE-2016-6210 incomplete fix Orabug: 29375502 CVE-2016-6210 Tenable has extracted the preceding description block directly from the Oracle Lin...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.88944
Exploits: 22 | References: 3

NVD
added 2023/08/14 7:15 p.m. | 12 views

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00583
Exploits: 1 | References: 1

Prion
added 2023/08/14 7:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00583
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2023/08/14 4:15 a.m. | 19 views

Default credentials

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name...

CVSS: 4.6 | AI score: 6.8 | EPSS: 0.00445
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/08/14 12:0 a.m. | 17 views

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

AI score: 8.8 | EPSS: 0.00583
Exploits: 1 | References: 1

Cvelist
added 2023/08/14 12:0 a.m. | 26 views

CVE-2023-40291

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name...

AI score: 7 | EPSS: 0.00445
Exploits: 1 | References: 1

CVE
added 2023/08/14 12:0 a.m. | 47 views

CVE-2023-40291

Summary: CVE-2023-40291 affects Harman Infotainment (version 20190525031613) and enables root access via SSH over a USB-to-Ethernet dongle, using a password that is an internal project name. The vulnerability originates from weak access control for the USB/SSH interface, allowing physical access ...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.00445
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/08/14 12:0 a.m. | 49 views

CVE-2023-28481

CVE-2023-28481 affects Tigergraph Enterprise 3.7.0. The issue allows unsecured write access to the SSH authorized_keys file, enabling any code running as the tigergraph user to append their SSH public key. This can lead to password‑less SSH access using the attacker’s key. Publicly cited sources ...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00583
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/08/14 12:0 a.m. | 8 views

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

AI score: 6.9 | EPSS: 0.00583
Exploits: 1 | References: 1

Tenable Nessus
added 2023/08/14 12:0 a.m. | 34 views

Amazon Linux AMI : openssh (ALAS-2023-1794)

The version of openssh installed on the remote host is prior to 7.4p1-22.78. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1794 advisory. An issue was discovered in OpenSSH 7.4 on Amazon Linux 2 and Amazon Linux 1. The fix for CVE-2019-6111 only covered cases where ...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.58204
Exploits: 9 | References: 4

Vulnrichment
added 2023/08/14 12:0 a.m. | 12 views

CVE-2023-40291

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name...

AI score: 7.2 | EPSS: 0.00445
Exploits: 1 | References: 1

Tenable Nessus
added 2023/08/14 12:0 a.m. | 86 views

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2023-273)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-273 advisory. The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an...

CVSS: 9.8 | AI score: 8 | EPSS: 0.76768
Exploits: 13 | References: 4

Positive Technologies
added 2023/08/13 12:0 a.m. | 3 views

PT-2023-5021 · Harman · Harman Infotainment

Name of the Vulnerable Software and Affected Versions: Harman Infotainment version 20190525031613 Description: The issue allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name. This is related to inadequate access control in the navigation and...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00445
Exploits: 1 | References: 7