14901 matches found
SUSE: Security Advisory (SUSE-SU-2021:3123-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security Bulletin: Vulnerability in libssh2 CVE-2019-17498.
Summary: libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2019-17498. DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a malicious SSH server that sends a...
Cisco Access Points SSH Management Privilege Escalation Vulnerability
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH...
The vulnerability of the SSH server on the Cisco IOS XR operating system allows a hacker to read and rewrite any files they choose.
The vulnerability of the SSH server on the Cisco IOS XR operating system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to read and rewrite any files as desired...
Weak Host Key Algorithm(s) (SSH)
The remote SSH server is configured to allow / support weak host key algorithms.
CVE-2021-41393
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations...
Design/Logic Flaw
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations...
CVE-2021-41393
Summary: CVE-2021-41393 affects Teleport. In affected releases, SSH host certificates can be forged in certain situations. Impacted versions (per sources): Teleport < 4.4.11; Teleport < 5.2.4 (i.e., 5.x before 5.2.4); Teleport < 6.2.12 (i.e., 6.x before 6.2.12); Teleport
The vulnerability of the sshd-core Java library component, which supports the SSH protocol of Apache SSHD, allows an attacker to cause a service failure.
The vulnerability of the sshd-core Java library component, which supports SSH protocol with Apache SSHD, is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a remote attacker to cause service interruptions...
No Patch for High-Severity Bug in Legacy IBM System X Servers
Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. However, the company is offering workaround mitigation. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to comma...
Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)
The remote SSH server is configured to allow / support weak key exchange (KEX) algorithms.
Weak (Small) Public Key Size(s) (SSH)
The remote SSH server uses a weak (too small) public key size.
ECOA Building Automation System - Hard-coded Credentials SSH Access
Exploit Title: ECOA Building Automation System - Hard-coded Credentials SSH Access Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page:...
Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
✍️ Description: Hello dear Rdiffweb team. I found a CSRF vulnerability on the following endpoint where attackers are able to create an SSH key with PoC.html. 🕵️♂️ Proof of Concept: 1. A user with the right privileges should be logged in with Firefox or Safari. 2. The user goes to a website that contains PoC.html. 3. after...
[SECURITY] [DLA 2753-2] qemu regression update
Debian LTS Advisory DLA-2753-2 https://www.debian.org/lts/security/ Markus Koschany September 11, 2021 https://wiki.debian.org/LTS Package: qemu Version: 1:2.8+dfsg-6+deb9u16 CVE ID: CVE-2021-3592 Debian Bug: 994080 It was found that the patch for CVE-2021-3592...
ECOA Building Automation System Hardcoded SSH Credentials Vulnerability
ECOA building automation systems have hardcoded SSH credentials. Many versions are affected. ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA...
Cisco IOS XR Software Arbitrary File Read and Write (cisco-sa-iosxr-scp-inject-QwZOCv2)
According to its self-reported version, Cisco IOS XR is affected by an arbitrary file read and write vulnerability in its SSH server process due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this by specifying specific SCP parameters when...
CVE-2021-28914
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced. This is usable and is part of an attack chain to gain SSH root access...