Lucene search
K

14901 matches found

Cvelist
Cvelist
added 2021/08/04 5:20 p.m.30 views

CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS8.1AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2021/08/04 5:20 p.m.74 views

CVE-2021-1572

The CVE-2021-1572 issue affects Cisco ConfD CLI Secure Shell Server Privilege Escalation, impacting ConfD (and NSO/ConfD options) where the built‑in SSH server handles the SFTP service at the privilege level of the running account (often root). An authenticated, local attacker with a valid accoun...

7.8CVSS7.9AI score0.00247EPSS
Exploits0References2Affected Software2
Cisco
Cisco
added 2021/08/04 4:0 p.m.63 views

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exis...

7.8CVSS8.1AI score0.00247EPSS
Exploits0References1
Cisco
Cisco
added 2021/08/04 4:0 p.m.80 views

Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in Cisco Network Services Orchestrator NSO could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an...

7.8CVSS8AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/04 12:0 a.m.4 views

Cisco ConfD 安全漏洞

Cisco ConfD is a management software from Cisco USA. A security vulnerability exists in Cisco ConfD that stems from the affected software incorrectly running SFTP user services with a privileged user enabled CLI when ConfD's built-in SSH server is running. The vulnerability allows an authenticate...

7.8CVSS7.8AI score0.00247EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2021/08/03 12:0 a.m.30 views

Gitlab -- Gitlab

Gitlab reports: Stored XSS in Mermaid when viewing Markdown files Stored XSS in default branch name Perform Git actions with an impersonation token even if impersonation is disabled Tag and branch name confusion allows Developer to access protected CI variables New subscriptions generate OAuth...

6.6CVSS2AI score0.00844EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/07/31 9:30 p.m.79 views

Cerbrutus - Network Brute Force Tool, Written In Python

Modular brute force tool written in Python, for very fast password spraying SSH, and FTP and in the near future other network services. COMING SOON: SMB, HTTPs POST, HTTPs GET, HTTP BASIC AUTH Thanks to @0dayctf, Rondons, Enigma, and 001 fortesting and contributing Installation: cd /opt git clone...

7.3AI score
Exploits0References2
Information Security Automation
Information Security Automation
added 2021/07/30 11:6 p.m.216 views

How to fix “Nessus failed to load the SSH private key” error?

If you are using Nessus to scan Linux hosts and authenticate by key, you may encounter this problem. You have generated the keys correctly, placed the public key on a remote server. You can connect to this server using the private key. ssh -p22 -i privatekey [email protected] But when...

1.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/07/30 5:19 p.m.482 views

LemonDuck no longer settles for breadcrumbs

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story 12 on the...

9.3CVSS9.3AI score0.90026EPSS
Exploits34
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:1 a.m.12 views

Security Bulletin: IBM Tivoli Netcool/Impact uses weaker than expected cryptographic algorithms (CVE-2021-29794)

Summary A vulnerability has been identified in the SSH server configuration shipped with IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21. Vulnerability Details CVEID: CVE-2021-29794 DESCRIPTION: IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enable...

7.5CVSS0.9AI score0.0071EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2021/07/28 2:11 p.m.81 views

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.8.0 Images

Red Hat OpenShift Virtualization release 4.8.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

8.6CVSS6.7AI score0.03478EPSS
Exploits0References100
Hacker One
Hacker One
added 2021/07/23 6:46 p.m.26 views

Sifchain: Signature Verification /// golang.org/x/crypto/ssh

Summary: Crypto package are vulnerable to Improper Signature Verification " An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any...

6.8AI score
Exploits0
NVD
NVD
added 2021/07/22 7:15 p.m.29 views

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...

10CVSS0.03023EPSS
Exploits1References1
NVD
NVD
added 2021/07/19 5:15 p.m.13 views

CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

6.5CVSS0.01938EPSS
Exploits1References2
Prion
Prion
added 2021/07/19 5:15 p.m.20 views

Design/Logic Flaw

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

4CVSS6.3AI score0.01938EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2021/07/19 1:11 p.m.49 views

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed v...

1.1AI score
Exploits0
Kitploit
Kitploit
added 2021/07/19 12:30 p.m.78 views

Orbitaldump - A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python

A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list usually thousands ...

7.6AI score
Exploits0References1
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.3 views

Mikrotik RouterOs 资源管理错误漏洞

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. sshd processes in versions of MikroTik RouterOS prior to 6.47 are vulnerable to uncontrolled resource consumption...

6.5CVSS5.7AI score0.01938EPSS
Exploits1References2
OSV
OSV
added 2021/07/16 11:15 a.m.5 views

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...

6.1CVSS6.2AI score0.14115EPSS
Exploits1References1
CVE
CVE
added 2021/07/16 10:33 a.m.82 views

CVE-2021-21800

CVE-2021-21800 affects Advantech R-SeeNet 2.4.12 (ssh_form.php). It is a reflected cross-site scripting vulnerability that allows arbitrary JavaScript execution in the context of the targeted user’s browser when visiting a crafted URL. Documented impact includes potential exposure of administrato...

9.6CVSS6.4AI score0.14115EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder