14864 matches found

Cvelist
added 2023/04/11 12:0 a.m. | 23 views

CVE-2023-28368

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQUNV11.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator may be tricked to login to the fake device, the credential...

5.7 AI score | 0.00265 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/11 12:0 a.m. | 22 views

Siemens Scalance W-7xx Series Improper Authentication (CVE-2013-4652)

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. This plugin only works with Tenable.ot. Please visit...

10 CVSS | 6 AI score | 0.05916 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2023/04/11 12:0 a.m. | 7 views

Linux: BSI TR-02102-4 3.6 Server Authentication

HostKeyAlgorithms specifies the host key algorithms offered by the server. Note: Ensure your SSH implementation is capable of using the ciphers specified in sshd_config. This check does not look for pgp-sign-dss as an exception. If this cipher is used, it should have a key length of 3000 Bits / 25...

5.8 AI score
Exploits: 0 | References: 5

Tenable Nessus
added 2023/04/09 12:0 a.m. | 34 views

Fedora 36 : curl (2023-7e7414e64d)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7e7414e64d advisory. - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use CVE-2023-27536 - fix FTP too eager...

9.8 CVSS | 6.5 AI score | 0.02195 EPSS
Exploits: 5 | References: 6

NVD
added 2023/04/07 7:15 p.m. | 17 views

CVE-2023-23761

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all...

7.7 CVSS | 7.6 AI score | 0.00462 EPSS
Exploits: 0 | References: 5

Prion
added 2023/04/07 7:15 p.m. | 28 views

Authentication flaw

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all...

2.1 CVSS | 5.3 AI score | 0.00462 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2023/04/07 6:41 p.m. | 22 views

CVE-2023-23761 Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all...

7.7 CVSS | 7.8 AI score | 0.00462 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2023/04/07 12:0 a.m. | 6 views

PT-2023-19186 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.9 Description: An improper authentication issue was identified that allowed unauthorized modification of other users' secret gists by authenticating through an SSH certificate authority, provided t...

7.7 CVSS | 5.9 AI score | 0.00462 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2023/04/07 12:0 a.m. | 35 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1788-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1788-1 advisory. - CVE-2023-22742: Verify ssh remote host keys bsc1207364 Tenable has extracted the preceding description...

5.9 CVSS | 6.1 AI score | 0.0058 EPSS
Exploits: 0 | References: 4

Redos
added 2023/04/07 12:0 a.m. | 95 views

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool. connections are stored in the connection pool for reuse if they match the current configuration. configuration...

7.7 CVSS | 7.5 AI score | 0.01856 EPSS
Exploits: 4

Rockylinux
added 2023/04/06 3:53 p.m. | 14 views

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

6.6 AI score
Exploits: 0

OSV
added 2023/04/06 10:34 a.m. | 3 views

SUSE-SU-2023:1788-1 Security update for libgit2

This update for libgit2 fixes the following issues: - CVE-2023-22742: Verify ssh remote host keys bsc1207364...

5.9 CVSS | 6 AI score | 0.0058 EPSS
Exploits: 0 | References: 3

Exploit DB
added 2023/04/06 12:0 a.m. | 278 views

ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access

Exploit Title: ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP...

7.2 CVSS | 7 AI score | 0.38722 EPSS
Exploits: 5

OpenVAS
added 2023/04/03 12:0 a.m. | 7 views

Slackware: Security Advisory (SSA:2023-090-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 3

NVD
added 2023/03/31 4:15 p.m. | 13 views

CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

9.1 CVSS | 9.2 AI score | 0.00566 EPSS
Exploits: 0 | References: 1

Prion
added 2023/03/31 4:15 p.m. | 18 views

Default configuration

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

5 CVSS | 7.9 AI score | 0.00566 EPSS
Exploits: 0 | References: 1

CVE
added 2023/03/31 3:43 p.m. | 54 views

CVE-2023-0344

CVE-2023-0344 affects Akuvox E11, which uses a custom dropbear SSH server with an insecure option not in the official release. The vulnerability stems from this modified SSH server, enabling an attack vector over the network; CISA’s ICS advisory and Red Hat/NVD entries describe a high-severity, r...

9.1 CVSS | 7.8 AI score | 0.00566 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/31 3:43 p.m. | 25 views

CVE-2023-0344 CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

9.1 CVSS | 9.3 AI score | 0.00566 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/31 3:43 p.m. | 8 views

CVE-2023-0344 CVE-2023-0344

Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server...

9.1 CVSS | 6.8 AI score | 0.00566 EPSS
Exploits: 0 | References: 1

OSV
added 2023/03/31 11:33 a.m. | 11 views

SUSE-SU-2023:1711-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection bsc1209209. - CVE-2023-27534: Fixed SFTP path resolving discrepancy bsc1209210. - CVE-2023-27535: Fixed FTP too eager connection reuse bsc1209211. - CVE-2023-27536: Fixed GSS delegation too eager...

9.8 CVSS | 6.5 AI score | 0.02195 EPSS
Exploits: 6 | References: 13