Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

Design/Logic Flaw

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVE-2022-25199

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVE-2022-25199

CVE-2022-25199 : Jenkins SCP Publisher Plugin, versions 1.8 and earlier, lacks a permission check in a form-validation method. This enables attackers with Overall/Read permission to connect to an attacker‑specified SSH server using attacker‑specified credentials, and the flawed flow also enables ...

CVE-2022-25198

A cross-site request forgery CSRF vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVE-2022-25198

The CVE-2022-25198 entry pertains to Jenkins SCP publisher Plugin versions 1.8 and earlier, which expose a cross-site request forgery (CSRF) vulnerability. The flaw allows an attacker, with Overall/Read permission, to cause the Jenkins controller to connect to an attacker‑specified SSH server usi...

GHSA-F9FQ-VJVH-779P Improper Input Validation in vault-ssh-helper

HashiCorp vault-ssh-helper github.com/hashicorp/vault-ssh-helper/helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

Improper Input Validation in vault-ssh-helper

HashiCorp vault-ssh-helper github.com/hashicorp/vault-ssh-helper/helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

CVE-2019-16864

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM...

Remote code execution

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM...

CVE-2019-16864

Affected product: EnterpriseDT CompleteFTP Server. Vulnerable if running CompleteFTP before 12.1.4; RCE via SSH: CompleteFTPService.exe executes the attacker’s command as SYSTEM, triggered by a Windows user with SSH access. Impact: remote code execution without user interaction. Remediation: upgr...

CVE-2019-16864

CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM...

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that expos...

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14926)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard- coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

openSUSE: Security Advisory for openssh (openSUSE-SU-2021:4153-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for kubevirt, (openSUSE-SU-2022:0040-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Mageia: Security Advisory (MGASA-2020-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2013-0372)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...