CVE-2024-48442
CVE-2024-48442 affects Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLIC, version 3.2.2543.12.18. Root cause is an incorrect access control that allows unauthenticated SSH access. Reported impact is confidentiality exposure via SSH without authentication; no...
CVE-2024-20526
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. A...
CVE-2024-20526
Cisco ASA SSH server vulnerability (CVE-2024-20526): a logic error during SSH session establishment can allow an unauthenticated remote attacker to exhaust SSH resources, triggering a DoS where new SSH connections are denied while existing ones stay functional. Reboot is required to recover. Affe...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-20329 Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-20329
CVE-2024-20329 (Cisco ASA SSH RCE) involves an authenticated remote command-injection vulnerability in the SSH subsystem of Cisco ASA software. The root cause is insufficient validation of user input when executing remote CLI commands over SSH. Exploitation could allow a limited-privilege user to...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. A...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.39 security update
Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Cisco Adaptive Security Appliance security vulnerability
The Cisco Adaptive Security Appliance is a network appliance from the American company Cisco, Inc. It is used to protect corporate networks and data centers of all sizes. A security vulnerability exists in the Cisco Adaptive Security Appliance that originates from a logic error when establishing ...
PT-2024-9152 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue is related to insufficient validation of user input in the SSH subsystem, allowing an authenticated, remote attacker to execute operating...
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by...
ROS-20241021-07
A vulnerability in ssh-agent of the OpenSSH cryptographic protection tool is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service or execute arbitrary code...
Xlight FTP input validation error vulnerability
Xlight FTP is a high performance and easy to use FTP server software from Xlight FTP Inc. Make file transfers secure and easy to use. A security vulnerability exists in Xlight FTP versions prior to 3.9.4.3 that stems from an integer overflow in the SFTP server packet parsing logic, which could le...
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such ...
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
MAL-2024-9424 Malicious code in ethers-mew (npm)
The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backdoor, along with exfiltrating user private keys to an attacker-controlled server...