14865 matches found
CVE-2023-28110
CVE-2023-28110 affects Jumpserver’s Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28113
Summary: The CVE-2023-28113 issue affects russh, a Rust SSH client/server library. The root cause is insufficient validation of Diffie-Hellman (DH) keys, allowing certain invalid DH public values (e, e
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
OpenBSD OpenSSH < 9.3 Unspecified Vulnerability
OpenBSD OpenSSH is prone to an unspecified vulnerability. CPE = "cpe:/a:openbsd:openssh";...
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
Path traversal
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
CVE-2023-25804
CVE-2023-25804 affects Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived. The vulnerability is a limited path traversal in the name parameter that allows an SSH key to be saved to an unintended location (for example, /tmp) using a payload such as ../../../../../tmp/test111...
PT-2023-2329
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 8.9 through 9.2. Description: The issue is related to the use of memory after it has been freed in the ssh-agent of OpenSSH, which can allow a remote attacker to impact the confidentiality, integrity, and availability of protect...
CVE-2023-0345
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
Default credentials
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
CVE-2023-0345
The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
CVE-2023-0345
CVE-2023-0345 (Akuvox E11): The vulnerability is due to the SSH server being enabled by default and accessible as root with a password that cannot be changed. Reported in multiple sources, including the RT-ICS briefing and Red Hat advisories, it carries a high impact (C/H/I/H) and a base CVSS v3...
PT-2023-16197 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 (affected versions not specified). Description: The issue concerns a custom version of the dropbear SSH server used by Akuvox E11, which allows an insecure option not present in the official dropbear SSH server by default...
GitHub: Authentication bypass on gist.github.com through SSH Certificates
An authentication bypass vulnerability was found in GitHub Enterprise Server that allowed unauthorized access to modify other users' secret gists through SSH certificates. The vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15,...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libX11 (SUSE-SU-2023:0668-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0668-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2023:0655-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0655-1 advisory. - Fixed a regression introduced with security update for CVE-2022-46340 bsc1205874. Tenable has extracted the preceding description block...