14901 matches found
Metasploit Wrap-Up
Print Driver PrivEsc If you attended DEF CON last week, you may have seen this talk on print driver vulnerabilities from Metasploit community contributor Jacob Baines. In the spirit of Friday the 13th, we're highlighting some of these "print nightmares" again, in the form of two new Metasploit...
CVE-2021-27794
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST...
Authentication flaw
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST...
CVE-2021-27794
CVE-2021-27794 affects Brocade Fabric OS prior to versions fixed in Brocade/Fabric OS advisories. The vulnerability arises in the authentication mechanism, allowing login with an empty or invalid password via telnet, ssh, and REST. Affected products include Brocade Fabric OS versions before v9.0....
CVE-2021-27794
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST...
CVE-2021-21567
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISIPRIVLOGINSSH and/or ISIPRIVLOGINCONSOLE to elevate privilege...
cloud-init security update
An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...
Remote Code Execution (RCE)
btrbk is vulnerable to remote code execution. The vulnerability exists due to the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
Shopify: EC2 Takeover at turn.shopify.com
Summary Hi team, It seems that the domain turn.shopify.com pointed to an EC2 instance that was terminated and the DNS record wasn't updated. We managed to register a new EC2 instance with the IP that turn.shopify.com points to: Command dig turn.shopify.com ; DiG 9.11.3-1ubuntu1.13-Ubuntu...
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2307)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-38173
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
Command injection
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
CVE-2021-38173
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
CVE-2021-38173
CVE-2021-38173 affects btrbk prior to version 0.31.2. The issue arises from mishandling remote hosts filtering SSH commands via ssh_filter_btrbk.sh in authorized_keys, enabling remote command execution. Affected products are btrbk before 0.31.2; upstream fixes upgrade to 0.31.2 or newer. No explo...
CVE-2021-38173
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using sshfilterbtrbk.sh in authorizedkeys...
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Sifchain: SSH server due to Improper Signature Verification
I found that you are using golang.org/x/[email protected] which has a vulnerability that was fixed in this version golang.org/x/[email protected] but that vulnerability is: golang.org/x/crypto/ssh is an SSH client and server Version...
Config sync may fail after upgrade in HA/Cluster deployments
After upgrading to 13.0 74.14+ from older releases sometimes it was observed that config sync is continuously failing in HA/Cluster deployments. Failure can be because of multiple reasons like: 1. Internal user login is disabled but nscommkey is not configured 2. Sshhostrsakey private and public ...
CVE-2021-1572
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...
CVE-2021-1572
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...