CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave...

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept PoC has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under t...

Slackware: Security Advisory (SSA:2023-193-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

Code injection

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

CVE-2023-37948

CVE-2023-37948 affects the Jenkins Oracle Cloud Infrastructure Compute Plugin (versions up to 1.0.16). The root cause is missing SSH host key validation when connecting to OCI clouds, enabling potential man-in-the-middle attacks. Impact is limited to the plugin’s inability to validate host keys; ...

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...

CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...

CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...

Design/Logic Flaw

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...

CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...

Siemens SIMATIC CN 4100 Incorrect Default Privileges Vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability previously existed in the Siemens SIMATIC CN 4100 version 2.5, which stemmed from affected devices containing incorrect default values in the SSH configuration. An attacker could exploit the...

CVE-2020-20021

CVE-2020-20021 affects MikroTik RouterOS up to version 6.46.3. The issue arises from a misconfiguration in the SSH daemon, enabling an attacker to cause a denial-of-service by triggering uncontrolled resource consumption. Documents consistently describe the affected product as MikroTik RouterOS/v...

CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...