14901 matches found

Rapid7 Blog
added 2021/08/13 6:25 p.m. | 330 views

Metasploit Wrap-Up

Print Driver PrivEsc: If you attended DEF CON last week, you may have seen this talk on print driver vulnerabilities from Metasploit community contributor Jacob Baines. In the spirit of Friday the 13th, we're highlighting some of these "print nightmares" again, in the form of two new Metasploit...

CVSS 7.5 | AI score 9.9 | EPSS 0.95355
Exploits: 12
NVD
added 2021/08/12 3:15 p.m. | 14 views

CVE-2021-27794

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, or an invalid password, through telnet, ssh and REST...

CVSS 7.8 | EPSS 0.0024
Exploits: 0 | References: 2
Prion
added 2021/08/12 3:15 p.m. | 16 views

Authentication flaw

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, or an invalid password, through telnet, ssh and REST...

CVSS 4.6 | AI score 7.6 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/08/12 2:25 p.m. | 67 views

CVE-2021-27794

CVE-2021-27794 affects Brocade Fabric OS prior to versions fixed in Brocade/Fabric OS advisories. The vulnerability arises in the authentication mechanism, allowing login with an empty or invalid password via telnet, ssh, and REST. Affected products include Brocade Fabric OS versions before v9.0....

CVSS 7.8 | AI score 7.7 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/12 2:25 p.m. | 19 views

CVE-2021-27794

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v9.0.1a, v8.2.3a and v7.4.2h could allow a user to log in with an empty password, or an invalid password, through telnet, ssh and REST...

AI score 7.9 | EPSS 0.0024
Exploits: 0 | References: 2
OSV
added 2021/08/10 7:15 p.m. | 4 views

CVE-2021-21567

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege...

CVSS 7.8 | AI score 7.1 | EPSS 0.00215
Exploits: 0 | References: 1
Rockylinux
added 2021/08/10 12:1 p.m. | 33 views

cloud-init security update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cloud-init packages provide a set of init scripts for cloud instances...

CVSS 5.5 | AI score 5.6 | EPSS 0.00219
Exploits: 0
Veracode
added 2021/08/09 10:38 a.m. | 30 views

Remote Code Execution (RCE)

btrbk is vulnerable to remote code execution. The vulnerability exists due to the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...

CVSS 9.8 | AI score 2.8 | EPSS 0.03155
Exploits: 0 | References: 8 | Affected Software: 1
Hacker One
added 2021/08/09 8:45 a.m. | 19 views

Shopify: EC2 Takeover at turn.shopify.com

Summary: Hi team, it seems that the domain turn.shopify.com pointed to an EC2 instance that was terminated and the DNS record wasn't updated. We managed to register a new EC2 instance with the IP that turn.shopify.com points to. Command: dig turn.shopify.com ; DiG 9.11.3-1ubuntu1.13-Ubuntu...

AI score 0.3
Exploits: 0
OpenVAS
added 2021/08/09 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2021-2307)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 8.2 | EPSS 0.01607
Exploits: 0 | References: 2
NVD
added 2021/08/07 7:15 p.m. | 13 views

CVE-2021-38173

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...

CVSS 9.8 | EPSS 0.03155
Exploits: 0 | References: 5
Prion
added 2021/08/07 7:15 p.m. | 21 views

Command injection

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...

CVSS 7.5 | AI score 9.6 | EPSS 0.03155
Exploits: 0 | References: 5 | Affected Software: 3
Cvelist
added 2021/08/07 6:58 p.m. | 22 views

CVE-2021-38173

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...

AI score 9.9 | EPSS 0.03155
Exploits: 0 | References: 5
CVE
added 2021/08/07 6:58 p.m. | 102 views

CVE-2021-38173

CVE-2021-38173 affects btrbk prior to version 0.31.2. The issue arises from mishandling remote hosts filtering SSH commands via ssh_filter_btrbk.sh in authorized_keys, enabling remote command execution. Affected products are btrbk before 0.31.2; upstream fixes upgrade to 0.31.2 or newer. No explo...

CVSS 9.8 | AI score 9.5 | EPSS 0.03155
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2021/08/07 6:58 p.m. | 24 views

CVE-2021-38173

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...

CVSS 9.8 | AI score 9.8 | EPSS 0.03155
Exploits: 0
Fedora
added 2021/08/07 1:14 a.m. | 108 views

[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 6.5 | AI score 6.9 | EPSS 0.0627
Exploits: 5
Hacker One
added 2021/08/06 5:7 p.m. | 129 views

Sifchain: SSH server due to Improper Signature Verification

I found that you are using golang.org/x/[email protected] which has a vulnerability that was fixed in this version golang.org/x/[email protected] but that vulnerability is: golang.org/x/crypto/ssh is an SSH client and server Version...

CVSS 5 | AI score 7.4 | EPSS 0.21052
Exploits: 6
Citrix
added 2021/08/05 12:0 a.m. | 6 views

Config sync may fail after upgrade in HA/Cluster deployments

After upgrading to 13.0 74.14+ from older releases, it was sometimes observed that config sync is continuously failing in HA/Cluster deployments. Failure can be because of multiple reasons like: 1. Internal user login is disabled but nscommkey is not configured 2. ssh_host_rsa_key private and public ...

AI score 7.2
Exploits: 0
NVD
added 2021/08/04 6:15 p.m. | 23 views

CVE-2021-1572

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

CVSS 7.8 | EPSS 0.00247
Exploits: 0 | References: 2
OSV
added 2021/08/04 6:15 p.m. | 7 views

CVE-2021-1572

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

CVSS 7.8 | AI score 6 | EPSS 0.00247
Exploits: 0 | References: 2