14866 matches found
CVE-2017-5242
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
Code injection
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
git2 Rust package suppresses ssh host key checking
By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...
RUSTSEC-2023-0002 git2 Rust package suppresses ssh host key checking
By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
Multiple vulnerabilities in PIXELA PIX-RT100
Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...
JVN#57296685: Multiple vulnerabilities in PIXELA PIX-RT100
PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.0 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C| Base Score: 7.7...
CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
CVE-2017-5242 Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
CVE-2017-5242
CVE-2017-5242 affects Nexpose and InsightVM virtual appliances downloaded between 2017-04-05 and 2017-05-03, which contain identical SSH host keys due to keys not being regenerated at first boot. This creates a risk that a privileged attacker could impersonate another vulnerable appliance or decr...
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
ALPINE-CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
AZL-12969 CVE-2022-46176 affecting package rust for versions less than 1.68.2-1
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
Design/Logic Flaw
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176 Cargo did not verify SSH host keys
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176 Cargo did not verify SSH host keys
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176
Cargo for Rust did not verify SSH host keys when cloning indexes/dependencies via SSH, enabling potential MITM attacks. All Rust versions containing Cargo before 1.66.1 are affected; upgrading to Cargo/Rust 1.66.1 fixes the SSH host key verification behavior by aborting connections if the server ...
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176 Cargo did not verify SSH host keys
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...