14899 matches found
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Publish Over SSH Plugin version 1.22 and earlier contains a cross-site request forgery vulnerability that stems...
Jenkins Publish Over SSH Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-15853 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the SSH server name is not properly escaped, allowing attackers with...
Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)
Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.3.0, which stems from the fact that Apache Guacamole 1.3.0 and earlier versions...
PT-2022-15857 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier. Description: The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller. This can be viewed by users with access to the Jenkins...
SUSE: Security Advisory (SUSE-SU-2022:0040-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
OPENSUSE-SU-2022:0040-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...
SUSE-SU-2022:0040-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...
Google Golang Input Validation Error Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's concurrency model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
PT-2022-6957
Name of the Vulnerable Software and Affected Versions: golang.org/x/crypto/ssh package versions prior to 0.0.0-20211202192323-5770296d904e. Description: The issue is related to insufficient input validation in the golang.org/x/crypto/ssh package, which can be exploited by a remote attacker to cause ...
QNAP: Get NAS Devices Off the Internet Now
Get your internet-exposed, network-attached storage (NAS) devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...
Stormshield Network Security Code Issue Vulnerability
Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield France. Stormshield Network Security (SNS) suffers from a code issue vulnerability that stems from the first SSH password change not properly clearing the old password under certain update...
CVE-2021-45885
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...
Default credentials
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password...
CVE-2021-45885
Stormshield Network Security (SNS) versions 4.2.2–4.2.7 are affected by a password handling issue where the first SSH password change does not properly clear the old password during a specific update-migration scenario. This can impact confidentiality (as per CVSS 3.1 base score 7.5) and is mitig...
Debian DLA-2860-1 : paramiko - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2860 advisory. - Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This...
openSUSE 15 Security Update : openssh (openSUSE-SU-2021:4153-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4153-1 advisory. - ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access o...
OESA-2021-1468 xorg-x11-server security update
Xorg server common files. Security Fixes: A security issue has been found in X.Org before version 21.1.2 and Xwayland before version 21.1.4. The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write. Thi...