Lucene search

14886 matches found

OpenVAS
added 2022/04/06 12:0 a.m., 16 views

VMware Spring Boot Detection (Linux/Unix SSH Login)

SSH login-based detection of VMware Spring Boot and its components. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2022/04/05 12:0 a.m., 119 views

SSH SHA-1 HMAC Algorithms Enabled (PCI DSS)

The remote SSH server is configured to enable SHA-1 HMAC algorithms. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. Note that...

5.5 AI score
Exploits: 0

ATTACKERKB
added 2022/04/04 6:15 p.m., 3 views

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

9.8 CVSS, 5.4 AI score, 0.01133 EPSS
Exploits: 1, References: 2

NVD
added 2022/04/04 6:15 p.m., 23 views

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

9.8 CVSS, 0.01133 EPSS
Exploits: 1, References: 1

Prion
added 2022/04/04 6:15 p.m., 11 views

Design/Logic Flaw

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

5 CVSS, 9.5 AI score, 0.01133 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/04/04 5:23 p.m., 27 views

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

9.7 AI score, 0.01133 EPSS
Exploits: 1, References: 1

CVE
added 2022/04/04 5:23 p.m., 91 views

CVE-2022-25569

The CVE-2022-25569 issue affects Bettini Srl GAMS Product Line v4.3.0, where the product reuses static SSH keys across installations, enabling unauthenticated attackers to log in as root by extracting a key from the software. This is described in multiple connected records as a static SSH key reu...

9.8 CVSS, 9.4 AI score, 0.01133 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2022/04/03 10:15 p.m., 11 views

CVE-2021-30064

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...

9.8 CVSS, 0.00865 EPSS
Exploits: 0, References: 2

Prion
added 2022/04/03 10:15 p.m., 15 views

Hardcoded credentials

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...

6.8 CVSS, 9.4 AI score, 0.00865 EPSS
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2022/04/03 9:56 p.m., 48 views

CVE-2021-30064

The CVE affects Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 (before 03.23) and TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance. The root cause is hardcoded default credentials allowing SSH login, applicable when the device is in the uncommissioned/not-enabled state. ...

9.8 CVSS, 9.3 AI score, 0.00865 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/04/03 9:56 p.m., 19 views

CVE-2021-30064

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...

9.7 AI score, 0.00865 EPSS
Exploits: 0, References: 2

OpenVAS
added 2022/03/31 12:0 a.m., 26 views

VMware Spring Framework Detection (Linux/Unix SSH Login)

SSH login-based detection of the VMware Spring Framework and its components. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is...

0.5 AI score
Exploits: 0

OPENSUSE Linux
added 2022/03/31 12:0 a.m., 47 views

Security update for icingaweb2 (important)

openSUSE Security Update: Security update for icingaweb2
Announcement ID: openSUSE-SU-2022:0097-1
Rating: important
References: 1196911 1196913
Cross-References: CVE-2022-24714 CVE-2022-24715
CVSS scores:
CVE-2022-24714 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24715 NVD : 8...

7.2 CVSS, 7.3 AI score, 0.1467 EPSS
Exploits: 5, References: 2

Ubuntu
added 2022/03/30 8:17 a.m., 103 views

USN-5354-1: Twisted vulnerabilities

It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. (CVE-2022-21712) It was discovered that Twisted incorrectly processed SSH handshake data on connection...

7.5 CVSS, 7.4 AI score, 0.03608 EPSS
Exploits: 1

NVD
added 2022/03/30 2:15 a.m., 14 views

CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

9.8 CVSS, 0.03266 EPSS
Exploits: 0, References: 3

Prion
added 2022/03/30 2:15 a.m., 13 views

Hardcoded credentials

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

7.8 CVSS, 9.3 AI score, 0.03266 EPSS
Exploits: 0, References: 3, Affected Software: 2

CVE
added 2022/03/30 1:43 a.m., 88 views

CVE-2022-24693

CVE-2022-24693 affects Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8. The issue is hardcoded credentials stored in the firmware (encrypted by the crypt function) that can be discovered and used by remote attackers to authenticate via SSH. Multiple connected sources c...

9.8 CVSS, 9.3 AI score, 0.03266 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2022/03/30 1:43 a.m., 18 views

CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

9.6 AI score, 0.03266 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2022/03/30 12:0 a.m., 49 views

Ubuntu 18.04 LTS / 20.04 LTS : Twisted vulnerabilities (USN-5354-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5354-1 advisory. It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could...

7.5 CVSS, 7.5 AI score, 0.03608 EPSS
Exploits: 1, References: 3

NVD
added 2022/03/28 7:15 p.m., 18 views

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5 CVSS, 0.0083 EPSS
Exploits: 0, References: 2