14907 matches found
GO-2020-0012 Panic due to improper verification of cryptographic signatures in golang.org/x/crypto/ssh
An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. If verifying signatures using user supplied public keys, this may be used as a denial of service vector...
GO-2020-0013 Man-in-the-middle attack in golang.org/x/crypto/ssh
By default host key verification is disabled which allows for man-in-the-middle attacks against SSH clients if ClientConfig.HostKeyCallback is not set...
MariaDB 10.2 /MySQL - (wsrep_provider) OS Command Execution Vulnerability
Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL...
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2021-1734)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2021-1720)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2021-1761)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VyOS Default Credentials (SSH)
The remote VyOS system is using known default credentials for the SSH login. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Redcloud - Automated Red Team Infrastructure Deployement Using Docker
Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud's speed for your tools. Deploys in minutes. Use and manage it with its polished web interface. Ideal for your penetration tests, shooting ranges, red teaming and...
Moderate: Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release
A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation
REALITYSMASHER vRealize RCE + Privesc CVE-2021-21975, CVE-20...
cloud-init bug fix and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: SUSE specific option, STARTMODE, should not exist in...
CVE-2021-28123
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version...
CVE-2021-28123
CVE-2021-28123 affects Cohesity DataPlatform, specifically versions 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c, and 6.5.1 through 6.5.1b. The issue is described as an undocumented default cryptographic key vulnerability where the SSH key can provide an attacker access to the Linux system in the affect...
SecretScanner - Find Secrets And Passwords In Container Images And File Systems
Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...
Debian DSA-4883-1 : underscore - security update
It was discovered that missing input sanitising in the template function of the Underscore JavaScript library could result in the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Security Advisory YSA-2021-04 | Yubico
The YubiHSM library that is included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests and some data operations received from the YubiHSM 2...
Apache Struts Detection (Linux/Unix SSH Login)
SSH login-based detection of Apache Struts. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...
Authentication flaw
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...
CVE-2021-27245
CVE-2021-27245 affects TP-Link Archer A7 family (A7 AC1750; Archer C7 US variants) prior to the specified V5 firmwares. Root cause: improper filtering of IPv6 SSH connections during IPv6 handling enables a firewall bypass by unauthenticated attackers, who could leverage this in conjunction with o...