14823 matches found
CVE-2024-12728
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 20.0.3...
CVE-2024-12728
CVE-2024-12728 is a weak credentials vulnerability in Sophos Firewall prior to 20.0 MR3 (20.0.3) that could allow privileged SSH access, notably in HA clusters. Affects HA initialisation with non-random passphrases; CVSS 9.8. Remediation: upgrade to 20.0 MR3 or newer (and 21.x MR1+ where applicab...
Exploit for CVE-2024-45337
CVE-2024-45337-POC: Proof of concept (POC) for CVE-2024-45337...
ROS-20241216-07
A vulnerability in python-asyncssh, an asynchronous client and server implementation of the SSHv2 protocol on top of Python, is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to control a remote SSH client session by injecting ...
Exploit for Path Traversal in Grafana
Automated Exploit Tool for Grafana CVE-2021-43798...
CVE-2024-28980
Dell RecoverPoint for VMs, versions 6.0.x contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution...
CVE-2024-28980
Dell RecoverPoint for VMs (versions 6.0.x) is affected by CVE-2024-28980 due to use of a broken or risky cryptographic algorithm in the SSH component. An unauthenticated attacker with remote access could potentially achieve remote code execution. Public documentation references a Dell security ad...
Remote Code Execution (RCE)
GitHub CLI is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unvalidated SSH connection details, allowing a malicious devcontainer to inject arguments that execute arbitrary commands when using gh codespace ssh or gh codespace logs...
SUSE CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
PT-2024-9594 · Dell · Dell Emc Recoverpoint For Vms
Name of the Vulnerable Software and Affected Versions: Dell RecoverPoint for VMs versions 6.0.x Description: The issue is related to the use of a broken or risky cryptographic algorithm in the SSH component. An unauthenticated attacker with remote access could potentially exploit this, leading to...
Dell RecoverPoint for Virtual Machines cryptographic issue vulnerability
Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. A cryptographic issue vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P1,...
CVE-2024-45337
A flaw was found in the x/crypto/ssh Go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only...
AZL-54290 CVE-2024-45337 affecting package packer for versions less than 1.9.5-5
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54320 CVE-2024-45337 affecting package moby-engine for versions less than 24.0.9-13
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54345 CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
AZL-54372 CVE-2024-45337 affecting package cert-manager for versions less than 1.12.13-2
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
UBUNTU-CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...