14903 matches found

Cvelist
added 2021/05/26 6:45 p.m. · 27 views

CVE-2018-16499

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR Technical Security Requirements...

5.7 AI score · 0.0031 EPSS
Exploits: 0 · References: 1

CVE
added 2021/05/26 6:45 p.m. · 39 views

CVE-2018-16499

The CVE-2018-16499 entry concerns Versa Networks Versa VOS. The connected records indicate the issue stems from the use of unapproved SSH encryption protocols or cipher suites, enabling a network-endpoint attacker to perform a man-in-the-middle attack and potentially view communications between a...

5.9 CVSS · 5.7 AI score · 0.0031 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2021/05/26 12:0 a.m. · 3 views

Versa VOS Encryption Problem Vulnerability

Versa Networks VOS is an operating system from Versa Networks, USA. The highly flexible VOS enables enterprises, organizations and service providers to deploy Versa SASE in branch offices, clouds, campuses and data centers. A security vulnerability exists in Versa VOS that stems from the use of...

5.9 CVSS · 6 AI score · 0.0031 EPSS
Exploits: 0 · References: 1

Kitploit
added 2021/05/20 9:30 p.m. · 81 views

ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers

A Black Path Toward The Sun TCP tunneling over HTTP for web application servers https://www.blackhat.com/us-16/arsenal.htmla-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016 ABPTTS uses a Python client script and a web application server page/package1 to tunnel TCP traffic over an HTTP/HTTP...

7.2 AI score
Exploits: 0 · References: 3

NVD
added 2021/05/20 2:15 p.m. · 8 views

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

7.5 CVSS · 0.0185 EPSS
Exploits: 0 · References: 3

Prion
added 2021/05/20 2:15 p.m. · 15 views

Hardcoded credentials

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

5 CVSS · 7.6 AI score · 0.0185 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2021/05/20 1:20 p.m. · 18 views

CVE-2020-24396

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

7.6 AI score · 0.0185 EPSS
Exploits: 0 · References: 3

CVE
added 2021/05/20 1:20 p.m. · 47 views

CVE-2020-24396

CVE-2020-24396 affects homee Brain Cube v2 (firmware 2.28.2 and 2.28.4). The issue is that sensitive SSH keys are stored within downloadable and unencrypted firmware images, enabling remote attackers to use the support server as a SOCKS proxy. Documented impact is exposure of credentials and pote...

7.5 CVSS · 7.5 AI score · 0.0185 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2021/05/20 12:0 a.m. · 5 views

PT-2021-11032 · Homee · Homee Brain Cube

Name of the Vulnerable Software and Affected Versions: homee Brain Cube v2 versions 2.28.2 through 2.28.4 Description: The issue allows remote attackers to use the support server as a SOCKS proxy due to sensitive SSH keys being present within downloadable and unencrypted firmware images...

7.5 CVSS · 7.4 AI score · 0.0185 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2021/05/19 12:27 a.m. · 99 views

CVE-2021-31535

A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate via injection of control characters, or potentially execute arbitrary code with permissions of the application compiled with libX1...

9.8 CVSS · 3.4 AI score · 0.10634 EPSS
Exploits: 2 · References: 5

0day.today
added 2021/05/19 12:0 a.m. · 94 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution Exploit

rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handle ANSI escape sequences allowing for arbitrary code execution. !/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/...

8.2 AI score
Exploits: 0

Tenable Nessus
added 2021/05/19 12:0 a.m. · 36 views

CentOS 8 : wpa_supplicant (CESA-2021:1686)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:1686 advisory. - wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326) Note that Nessus has not tested for this issue but has instead relied only on the...

7.9 CVSS · 7.5 AI score · 0.04707 EPSS
Exploits: 1 · References: 2

Metasploit
added 2021/05/18 5:42 p.m. · 85 views

SaltStack Salt Information Gatherer

This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file Data gathered from masters: 1. minion list denied, pre, rejected, accepted 2. minion hostname/ip/os depending on module settings 3. SLS 4. roster, any SSH keys are...

6.8 AI score
Exploits: 0

AlmaLinux
added 2021/05/18 5:9 p.m. · 14 views

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: AliyunRHEL8.4cloud-init cloud-init service failed to...

2.5 AI score
Exploits: 0

Github Security Blog
added 2021/05/18 3:29 p.m. · 75 views

Improper Verification of Cryptographic Signature in golang.org/x/crypto

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

7.5 CVSS · 7.5 AI score · 0.21052 EPSS
Exploits: 6 · References: 13 · Affected Software: 1

OSV
added 2021/05/18 3:29 p.m. · 22 views

GHSA-FFHG-7MH4-33C4 Improper Verification of Cryptographic Signature in golang.org/x/crypto

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

7.5 CVSS · 7.5 AI score · 0.21052 EPSS
Exploits: 6 · References: 13

RedHat Linux
added 2021/05/18 2:16 p.m. · 2 views

golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the gssapi-with-mic authentication method and cause the server to panic...

7.5 CVSS · 7.1 AI score · 0.03228 EPSS
Exploits: 0 · References: 5

Packet Storm
added 2021/05/18 12:0 a.m. · 158 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution

!/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/A ------------------------------------------------------------------------------ URXVT VULNERABILITY In rxvt-based terminals, ANSI...

7.4 AI score
Exploits: 0

IBM Security Bulletins
added 2021/05/13 10:23 a.m. · 50 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-14145 DESCRIPTION: OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker...

5.9 CVSS · 1.2 AI score · 0.02057 EPSS
Exploits: 2 · Affected Software: 1

OpenVAS
added 2021/05/12 12:0 a.m. · 5 views

Ubuntu: Security Advisory (USN-4944-1)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 3