14907 matches found

Tenable Nessus
added 2021/03/19 12:0 a.m. | 88 views

FreeBSD : OpenSSH -- Double-free memory corruption in ssh-agent (76b5068c-8436-11eb-9469-080027f515ea)

OpenBSD Project reports : ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2. We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provi...

CVSS 7.1 | AI score 7.3 | EPSS 0.03422
Exploits: 1 | References: 3
Exploit DB
added 2021/03/18 12:0 a.m. | 345 views

Hestia Control Panel 1.3.2 - Arbitrary File Write

Title: Hestia Control Panel 1.3.2 - Arbitrary File Write Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://hestiacp.com/ Software Link: https://github.com/hestiacp/hestiacp Version: 1.3.3 Tested on: HestiaCP Version 1.3.2 curl --location --request POST...

AI score 7.4
Exploits: 0
OSV
added 2021/03/17 4:9 p.m. | 4 views

SUSE-SU-2021:0806-1 Security update for crmsh

This update for crmsh fixes the following issues: - Update to version 4.3.0+20210219.5d1bf034: Fix: hbreport: walk through hbreport process under hacluster CVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571 Fix: bootstrap: setup authorized ssh access for hacluster CVE-2020-35459, bsc1179999;...

CVSS 8.8 | AI score 7.8 | EPSS 0.00994
Exploits: 1 | References: 10
Kitploit
added 2021/03/17 11:30 a.m. | 299 views

Lazy-RDP - Script For Automatic Scanning And Brute-Force

Script For Automatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2021/03/17 6:15 a.m. | 23 views

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

CVSS 7.8 | AI score 8.8
Exploits: 0 | References: 3
NVD
added 2021/03/17 6:15 a.m. | 22 views

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

CVSS 7.8 | EPSS 0.00404
Exploits: 1 | References: 3
OSV
added 2021/03/17 6:15 a.m. | 5 views

DEBIAN-CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

CVSS 7.8 | AI score 7.3 | EPSS 0.00404
Exploits: 1 | References: 1
Prion
added 2021/03/17 6:15 a.m. | 21 views

Default credentials

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

CVSS 4.6 | AI score 7.5 | EPSS 0.00404
Exploits: 1 | References: 3 | Affected Software: 2
Cvelist
added 2021/03/17 6:0 a.m. | 22 views

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

AI score 8.4 | EPSS 0.00404
Exploits: 1 | References: 3
Debian CVE
added 2021/03/17 6:0 a.m. | 46 views

CVE-2017-20002

The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH hence bypassing PAM's nullok_secure configuration. Thi...

CVSS 7.8 | AI score 7.4 | EPSS 0.00404
Exploits: 1
Packet Storm
added 2021/03/17 12:0 a.m. | 361 views

VestaCP 0.9.8 Cross Site Request Forgery

Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...

AI score 0.5 | EPSS 0.06033
Exploits: 4
Exploit DB
added 2021/03/17 12:0 a.m. | 464 views

VestaCP 0.9.8 - File Upload CSRF

Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...

CVSS 8.8 | AI score 8.9 | EPSS 0.06033
Exploits: 4
OSV
added 2021/03/15 10:40 p.m. | 7 views

USN-4854-1 python-asyncssh vulnerability

Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions...

CVSS 9.8 | AI score 7.3 | EPSS 0.0178
Exploits: 0 | References: 2
NVD
added 2021/03/15 5:15 p.m. | 14 views

CVE-2021-25676

A vulnerability has been identified in RUGGEDCOM RM1224 V6.3, SCALANCE M-800 V6.3, SCALANCE S615 V6.3, SCALANCE SC-600 All Versions = V2.1 and V2.1.3. Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will...

CVSS 7.5 | EPSS 0.0129
Exploits: 0 | References: 2
Prion
added 2021/03/15 5:15 p.m. | 17 views

Authentication flaw

A vulnerability has been identified in RUGGEDCOM RM1224 V6.3, SCALANCE M-800 V6.3, SCALANCE S615 V6.3, SCALANCE SC-600 All Versions = V2.1 and V2.1.3. Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will...

CVSS 5 | AI score 7.4 | EPSS 0.0129
Exploits: 0 | References: 2 | Affected Software: 4
CVE
added 2021/03/15 5:3 p.m. | 60 views

CVE-2021-25676

CVE-2021-25676 affects Siemens SCALANCE and RUGGEDCOM devices. Vulnerable components: RUGGEDCOM RM1224 (v6.3), SCALANCE M-800 (v6.3), SCALANCE S615 (v6.3), SCALANCE SC-600 (v2.1 up to

CVSS 7.5 | AI score 7.4 | EPSS 0.0129
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2021/03/15 3:15 p.m. | 14 views

CVE-2021-27892

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected...

CVSS 7.8 | EPSS 0.00251
Exploits: 0 | References: 1
NVD
added 2021/03/15 3:15 p.m. | 10 views

CVE-2021-27893

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected...

CVSS 7 | EPSS 0.00381
Exploits: 0 | References: 1
OSV
added 2021/03/15 3:15 p.m. | 4 views

CVE-2021-27892

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected...

CVSS 7.8 | AI score 7.1 | EPSS 0.00251
Exploits: 0 | References: 1
OSV
added 2021/03/15 3:15 p.m. | 5 views

CVE-2021-27893

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected...

CVSS 7 | AI score 7.1 | EPSS 0.00381
Exploits: 0 | References: 1