14907 matches found

OSV
added 2021/04/14 8:4 p.m., 28 views

GO-2020-0012 Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key, such that the library will panic when trying to verify a signature with it. If verifying signatures using user supplied public keys, this may be used as a denial of service vector...

CVSS 7.5 | AI score 7.3 | EPSS 0.21052
Exploits: 6 | References: 3

OSV
added 2021/04/14 8:4 p.m., 16 views

GO-2020-0013 Man-in-the-middle attack in golang.org/x/crypto/ssh

By default host key verification is disabled which allows for man-in-the-middle attacks against SSH clients if ClientConfig.HostKeyCallback is not set...

CVSS 8.1 | AI score 7.9 | EPSS 0.03156
Exploits: 0 | References: 4

0day.today
added 2021/04/14 12:0 a.m., 240 views

MariaDB 10.2 /MySQL - (wsrep_provider) OS Command Execution Vulnerability

Exploit Title: MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution. Exploit Author: Central InfoSec. Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL...

CVSS 7.2 | AI score 1.1 | EPSS 0.38179
Exploits: 9

OpenVAS
added 2021/04/13 12:0 a.m., 16 views

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2021-1734)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.8 | EPSS 0.04407
Exploits: 0 | References: 2

OpenVAS
added 2021/04/13 12:0 a.m., 30 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1720)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.1 | AI score 6.3 | EPSS 0.03422
Exploits: 2 | References: 2

OpenVAS
added 2021/04/13 12:0 a.m., 9 views

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2021-1761)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.8 | EPSS 0.04407
Exploits: 0 | References: 2

OpenVAS
added 2021/04/12 12:0 a.m., 14 views

VyOS Default Credentials (SSH)

The remote VyOS system is using known default credentials for the SSH login...

AI score 7.5
Exploits: 0 | References: 1

Kitploit
added 2021/04/09 12:30 p.m., 62 views

Redcloud - Automated Red Team Infrastructure Deployment Using Docker

Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud's speed for your tools. Deploys in minutes. Use and manage it with its polished web interface. Ideal for your penetration tests, shooting ranges, red teaming and...

AI score 7.6
Exploits: 0 | References: 2

RedHat Linux
added 2021/04/08 10:18 a.m., 185 views

Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release

A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 8.8 | AI score 6.8 | EPSS 0.21052
Exploits: 6 | References: 4

GithubExploit
added 2021/04/06 11:24 p.m., 87 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

REALITYSMASHER vRealize RCE + Privesc CVE-2021-21975, CVE-20...

CVSS 8.5 | AI score 7.8 | EPSS 0.78435
Exploits: 12

AlmaLinux
added 2021/04/06 1:31 p.m., 16 views

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: SUSE specific option, STARTMODE, should not exist in...

AI score 2
Exploits: 0

Cvelist
added 2021/04/02 2:46 p.m., 13 views

CVE-2021-28123

Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can provide an attacker access to the Linux system in the affected version...

AI score 9.5 | EPSS 0.01428
Exploits: 0 | References: 1

CVE
added 2021/04/02 2:46 p.m., 52 views

CVE-2021-28123

CVE-2021-28123 affects Cohesity DataPlatform, specifically versions 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c, and 6.5.1 through 6.5.1b. The issue is described as an undocumented default cryptographic key vulnerability where the SSH key can provide an attacker access to the Linux system in the affect...

CVSS 9.8 | AI score 9.2 | EPSS 0.01428
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2021/04/02 11:30 a.m., 64 views

SecretScanner - Find Secrets And Passwords In Container Images And File Systems

Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...

AI score 7.1
Exploits: 0 | References: 3

Tenable Nessus
added 2021/04/02 12:0 a.m., 38 views

Debian DSA-4883-1 : underscore - security update

It was discovered that missing input sanitising in the template function of the Underscore JavaScript library could result in the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

CVSS 7.2 | AI score 6.6 | EPSS 0.04087
Exploits: 2 | References: 5

Yubico
added 2021/04/02 12:0 a.m., 87 views

Security Advisory YSA-2021-04 | Yubico

The YubiHSM library that is included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests and some data operations received from the YubiHSM 2...

CVSS 7.8 | AI score 7.6 | EPSS 0.01368
Exploits: 1

OpenVAS
added 2021/03/30 12:0 a.m., 135 views

Apache Struts Detection (Linux/Unix SSH Login)

SSH login-based detection of Apache Struts...

AI score 0.1
Exploits: 0

NVD
added 2021/03/29 9:15 p.m., 9 views

CVE-2021-27245

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...

CVSS 9.3 | EPSS 0.03215
Exploits: 0 | References: 1

Prion
added 2021/03/29 9:15 p.m., 18 views

Authentication flaw

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...

CVSS 9.3 | AI score 8 | EPSS 0.03215
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/03/29 9:5 p.m., 73 views

CVE-2021-27245

CVE-2021-27245 affects TP-Link Archer A7 family (A7 AC1750; Archer C7 US variants) prior to the specified V5 firmwares. Root cause: improper filtering of IPv6 SSH connections during IPv6 handling enables a firewall bypass by unauthenticated attackers, who could leverage this in conjunction with o...

CVSS 9.3 | AI score 8.1 | EPSS 0.03215
Exploits: 0 | References: 1 | Affected Software: 1