ADM GUI is down and users only have access via SSH
Users are unable to get any access to ADM GUI on 13.1...
The vulnerability of TP-Link T2600G-28SQ switch’s microprogramming software, related to errors in managing registration data, allows an intruder to gain unauthorized access to protected information.
The vulnerability of TP-Link T2600G-28SQ switch’s microprogramming software is related to errors in managing registration data when processing SSH keys. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Vulnerability in the SSH authentication function based on software keys of Cisco StarOS, allowing attackers to increase their privileges
The vulnerability in the SSH authentication function based on software credentials of Cisco StarOS arises due to insufficient verification of the user-provided credentials. Exploiting this vulnerability allows a malicious actor to elevate privileges on a vulnerable device...
GitHub Security Lab: [python]: Add some dangerous sinks for paramiko ssh clients
Vulnerability description not provided...
FortiNAC - SSH Weak Key Exchange Algorithm
A use of a weak cryptographic algorithm vulnerability CWE-327 in FortiNAC may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks...
SUSE: Security Advisory (SUSE-SU-2023:2062-1)
The remote host is missing an update for the...
Fedora: Security Advisory for git (FEDORA-2023-eaf1bdd5ae)
The remote host is missing an update for the...
USN-5964-1: curl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to...
CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
Code injection
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
Home Assistant Detection Consolidation
Consolidation of Home Assistant detections.
CVE-2023-1778 Default Credential Vulnerability in GajShield Data Security Firewall
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or an exposed SSH port thereby...
JavaScript Packages Detection Consolidation
Consolidation of JavaScript packages detections.
Malicious code in ssh-compute (npm)
Source: ossf-package-analysis 240dd96c86fea32d5f03426ea8f8069aa60e8cccfe1f5d0a53812aa6cf7fa311. The OpenSSF Package Analysis project identified 'ssh-compute' @ 0.1.9 (npm) as malicious. It is considered malicious because: - The package...
MAL-2023-7 Malicious code in ssh-compute (npm)
Source: ossf-package-analysis 240dd96c86fea32d5f03426ea8f8069aa60e8cccfe1f5d0a53812aa6cf7fa311. The OpenSSF Package Analysis project identified 'ssh-compute' @ 0.1.9 (npm) as malicious. It is considered malicious because: - The package...
SUSE: Security Advisory (SUSE-SU-2023:1999-1)
The remote host is missing an update for the...
Hardcoded credentials
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...
auditpolCIS - CIS Benchmark Testing Of Windows SIEM Configuration
CIS Benchmark testing of Windows SIEM configuration. This is an application for testing the configuration of Windows Audit Policy settings against the CIS Benchmark recommended settings. A few points: The tested system was Windows Server 2019, and the benchmark used was also Windows Server 2019. T...