Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to...
CVE-2023-1944 [minikube] ssh server with default password
This vulnerability enables ssh access to minikube container using a default password...
Image Builder security, bug fix, and enhancement update
cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 45-1 - New upstream release 44-1 - New upstream release 43-1 - New upstream release 42-1 - New upstream release 40-1 - New upstream release 39-1 - New upstream release 38-1 - New upstream release...
Moxa MXsecurity Series Restricted Shell Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MXsecurity Series appliances. Authentication is required to exploit this vulnerability. The specific flaw exists within the SSH CLI program. The issue results from the lack of proper validation ...
PT-2023-3279 · Bosch · Bosch Bvms
Name of the Vulnerable Software and Affected Versions: Bosch VMS versions 11.0 through 11.1.1 Description: The issue is related to insufficient protection of service data in the SSH server of the Bosch BVMS video surveillance system management software. It allows a remote attacker to gain...
CVE-2023-1944
CVE-2023-1944 affects minikube. The issue enables SSH access to the minikube container using a default password due to hard-coded/default credentials, leading to potential local privilege/escalation as described by multiple sources (NVD/Veracode/SUSE/CVE lists). Exploitation details are not provi...
Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2023-2805)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2805 advisory. - Fix CVE-2023-0494 2166972 - Follow-up fix for CVE-2022-46340 2151777 - CVE fix for: CVE-2022-4283 2151802, CVE-2022-46340 2151777, CVE-2022-46341...
Internet Bug Bounty: CVE-2023-28319: UAF in SSH sha256 fingerprint check
A use-after-free vulnerability was found in libcurl's SSH server public key verification feature, affecting versions 7.81.0 to 8.0.1. When the verification check failed, libcurl would free the memory for the fingerprint before returning an error message containing the now-freed hash, potentially...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Cinder regression (USN-6073-6)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6073-6 advisory. USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been...
CVE-2023-2588
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL cou...
CVE-2023-33235
MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrar...
Command injection
MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrar...
CVE-2023-33235 MXsecurity Command Injection Vulnerability
MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrar...
CVE-2023-33235
CVE-2023-33235 affects Moxa MXsecurity Series software v1.0, where the SSH CLI component is vulnerable to command injection. An attacker with authorization could break out of the restricted shell and execute arbitrary code. Mitigation/patch: upgrade to MXsecurity v1.0.1 or higher (per CISA ICSA a...
Fedora: Security Advisory for kitty (FEDORA-2023-a354113801)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...