Lucene search
K

14907 matches found

Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.37 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Vulnerability (NS-SA-2021-0026)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by a vulnerability: - In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an...

8.1CVSS6.8AI score0.03793EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.41 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Vulnerability (NS-SA-2021-0011)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by a vulnerability: - A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure S...

5.1CVSS5.7AI score0.01403EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/03/10 12:0 a.m.52 views

OpenSSH 8.2 < 8.5 Memory Corruption Vulnerability

OpenSSH is prone to a memory corruption vulnerability in the ssh-agent. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.1CVSS7.1AI score0.03422EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.26 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys...

7.1CVSS5.7AI score0.00438EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.32 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libssh2 (EulerOS-SA-2021-1384)

According to the version of the libssh2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A...

9.1CVSS7.2AI score0.06448EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/03/09 3:34 p.m.166 views

CVE-2021-28041

A double-free memory corruption flaw was found in OpenSSH 8.2, more specifically in ssh-agent application. This flaw allows an attacker with access to the agent socket to forward an agent either to an account shared with a malicious user or to a host with an attacker holding root access. The...

7.1CVSS3.3AI score0.03422EPSS
Exploits1References4
ICS
ICS
added 2021/03/09 12:0 a.m.56 views

Siemens SCALANCE and RUGGEDCOM Devices SSH (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Devices Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

7.5CVSS7.7AI score0.0129EPSS
Exploits0References11
Metasploit
Metasploit
added 2021/03/08 5:42 p.m.90 views

VMware vCenter Server Unauthenticated OVA File Upload RCE

This module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitab...

10CVSS9.8AI score0.9957EPSS
Exploits47
0day.today
0day.today
added 2021/03/08 12:0 a.m.84 views

VMware vCenter Server File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren'...

9.8CVSS9.9AI score0.9957EPSS
Exploits47
Kitploit
Kitploit
added 2021/03/07 8:30 p.m.22 views

Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution e.g...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/03/07 11:30 a.m.44 views

packetStrider - A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...

6.6CVSS6.6AI score0.01533EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/03/06 8:30 p.m.275 views

Chameleon - Customizable Honeypots For Monitoring Network Traffic, Bots Activities And Username\Password Credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres And MySQL)

Customizable honeypots for monitoring network traffic, bots activities and username\password credentials DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET and Postgres and MySQL Grafana Interface NMAP Scan Credentials Monitoring General Features Modular...

7.3AI score
Exploits0References3
OSV
OSV
added 2021/03/05 9:15 p.m.4 views

DEBIAN-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.3AI score0.03422EPSS
Exploits1References1
OSV
OSV
added 2021/03/05 9:15 p.m.31 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS6.6AI score
Exploits0References9
OSV
OSV
added 2021/03/05 9:15 p.m.4 views

ALPINE-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References1
NVD
NVD
added 2021/03/05 9:15 p.m.39 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS0.03422EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2021/03/05 9:15 p.m.325 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References5
OSV
OSV
added 2021/03/05 9:15 p.m.3 views

UBUNTU-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.1AI score0.03422EPSS
Exploits1References6
CVE
CVE
added 2021/03/05 7:7 p.m.12886 views

CVE-2021-28041

The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...

7.1CVSS6.8AI score0.03422EPSS
Exploits1References9Affected Software1
AlpineLinux
AlpineLinux
added 2021/03/05 7:7 p.m.92 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.1AI score0.03422EPSS
Exploits1
Rows per page
Query Builder