14907 matches found
cloud-init bug fix and enhancement update
An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...
cloud-init bug fix and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: Intermittent failure to start cloud-init due to failu...
kexec-tools bug fix and enhancement update
The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot...
kexec-tools bug fix and enhancement update
An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kexec-tools packages contain the /sbin/kexec binary and utilities tha...
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...
Sick Visionary-S CX Information Disclosure Vulnerability
SICK Visionary-S CX is a 3D vision sensor from SICK, Germany. It provides direct output of color and depth values via Ethernet. The SICK Visionary-S CX has a security vulnerability in versions prior to 5.21.2.29154R, which can be exploited by an attacker with a weak password to more easily...
AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet
PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...
CVE-2021-32496
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects...
Code injection
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects...
Detecting unknown threats: a honeypot how-to
Catching threats is tricky business, especially in todays threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kasperskys Global Research and...
CVE-2021-32496
CVE-2021-32496 affects SICK Visionary-S CX up to version 5.21.2.29154R. The vulnerability is an Inadequate Encryption Strength issue on the internal SSH interface used for recovering returned devices, caused by weak ciphers. This can allow an attacker with network access to decrypt/transmit data ...
SUSE SLES15: freeradius-server / freeradius-server-devel / etc (SUSE-SU-2021:2147-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2147-1 advisory. - Fixed plaintext password entries in logfiles bsc1184016. Tenable has extracted the preceding description block directly from the SUSE security...
Android 2.0 FreeCIV Arbitrary Code Execution
""" Android Debug Bridge ADB freeciv exploit Author : Raed-Ahsan https://linkedin.com/in/raed-ahsan Android 2.0 Banana Studio """ """ import socket socket import subprocess Subprocess import pyautogui PyAutoGui import time Time def connectionfunctionhost, port: s = socket.socketsocket.AFINET,...
Fedora: Security Advisory for openssh (FEDORA-2021-1d3698089d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: Vulnerabilities in OpenSSH affect GPFS V3.5 for Windows (CVE-2016-0777, CVE-2016-0778)
Summary An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects OpenSSH for GPFS V3.5. Vulnerability Details CVEID: CVE-2016-0777 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM GPFS for Windows (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM GPFS for Windows V3.5 Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properl...
SUSE: Security Advisory (SUSE-SU-2021:2161-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool
Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...
Accellion Kiteworks Elevation of Privilege Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
CVE-2021-31585
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access...