14823 matches found

OpenVAS
added 2024/10/17 12:0 a.m., 23 views

openSUSE: Security Advisory for the Linux Kernel (Live Patch 40 for SLE 15 SP3) (SUSE-SU-2024:3690-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8, AI score 7.4, EPSS 0.00269
Exploits 0, References 2
OSSF Malicious Packages
added 2024/10/16 5:36 p.m., 3 views

Malicious code in ethers-web3 (npm)

The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backdoor, along with exfiltrating user private keys to an attacker-controlled server...

AI score 7.2
Exploits 0
OSV
added 2024/10/16 5:36 p.m., 5 views

MAL-2024-9425 Malicious code in ethers-web3 (npm)

The package contains additional code to append a hardcoded SSH key to the user's authorized_keys file, creating a backdoor, along with exfiltrating user private keys to an attacker-controlled server...

AI score 7.2
Exploits 0
NVD
added 2024/10/16 2:15 p.m., 12 views

CVE-2023-32189

Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...

CVSS 6.4, EPSS 0.00147
Exploits 0, References 1
Cvelist
added 2024/10/16 1:48 p.m., 18 views

CVE-2023-32189 Insecure handling SSH key in SUSE Manager when bootstrapping new clients

Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...

CVSS 6.4, EPSS 0.00147
Exploits 0, References 1
Vulnrichment
added 2024/10/16 1:48 p.m., 20 views

CVE-2023-32189 Insecure handling SSH key in SUSE Manager when bootstrapping new clients

Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...

CVSS 6.4, AI score 5.7, EPSS 0.00147
Exploits 0, References 1
CVE
added 2024/10/16 1:48 p.m., 76 views

CVE-2023-32189

CVE-2023-32189 affects SUSE Manager (bootstrapping new clients) through insecure handling of SSH keys, enabling local attackers to access the keys. The issue is tied to SUSE Manager Server deployments; exploitation details are not described in the provided docs. Remediation is indicated by the SU...

CVSS 6.4, AI score 6, EPSS 0.00147
Exploits 0, References 1
Redos
added 2024/10/15 12:0 a.m., 11 views

ROS-20241015-10

The vulnerability in the check_by_ssh.c component of the Nagios-plugins monitoring system plugin set is related to a failure to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVSS 8.4, AI score 7, EPSS 0.00456
Exploits 0
BDU FSTEC
added 2024/10/14 12:0 a.m., 4 views

The vulnerability of the OpenSSH cryptographic protection mechanism for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the OpenSSH cryptographic security mechanism for Windows operating systems is related to improper external management of file names or file paths. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.1, AI score 5.9, EPSS 0.0115
Exploits 0, References 3
BDU FSTEC
added 2024/10/14 12:0 a.m., 6 views

The vulnerability of the “-Oallow-remote-pkcs11” configuration in the ssh-agent service of OpenSSH for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the -Oallow-remote-pkcs11 configuration in the ssh-agent service of OpenSSH for Windows is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious DLL library...

CVSS 7.6, AI score 5.9, EPSS 0.01306
Exploits 0, References 4
BDU FSTEC
added 2024/10/14 12:0 a.m., 5 views

The vulnerability of the OpenSSH cryptographic protection mechanism for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the OpenSSH cryptographic security mechanism for Windows operating systems is related to improper external management of file names or file paths. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.1, AI score 5.9, EPSS 0.01303
Exploits 0, References 3
0day.today
added 2024/10/11 12:0 a.m., 203 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

AI score 7.5
Exploits 0
Packet Storm
added 2024/10/11 12:0 a.m., 289 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building...

AI score 7.4
Exploits 0
OpenVAS
added 2024/10/11 12:0 a.m., 11 views

Debian: Security Advisory (DLA-3914-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.8, AI score 9.9, EPSS 0.32568
Exploits 1, References 4
Zero Science Lab
added 2024/10/10 12:0 a.m., 225 views

ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service Control

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The BMS/BAS controller suffers from a vulnerability that allows an...

AI score 5.8
Exploits 0
OSV
added 2024/10/09 8:29 p.m., 7 views

GO-2024-3162 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault...

CVSS 8.8, AI score 7.4, EPSS 0.00271
Exploits 0, References 3
Positive Technologies
added 2024/10/08 12:0 a.m., 4 views

PT-2024-6780 · Microsoft · Openssh For Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft OpenSSH for Windows (affected versions not specified). Description: The issue is related to a configuration vulnerability in the OpenSSH service for Windows, specifically with the -Oallow-remote-pkcs11 option for the ssh-agent...

CVSS 7.6, AI score 7.7, EPSS 0.01306
Exploits 0, References 9
Packet Storm
added 2024/10/04 12:0 a.m., 242 views

Acronis Cyber Infrastructure 5.0.1-61 Cross Site Request Forgery

Title: Acronis Cyber Infrastructure 5.0.1-61 CSRF Add ADmin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...

AI score 7.4
Exploits 0
Metasploit
added 2024/10/03 6:54 p.m., 313 views

Acronis Cyber Infrastructure default password remote code execution

Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native...

CVSS 9.8, AI score 9.8, EPSS 0.53535
Exploits 3
Github Security Blog
added 2024/10/03 4:53 p.m., 22 views

PAM module may allow accessing with the credentials of another user

Authd PAM module up to version 0.3.4 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. This is possible using tools such as su, sudo or ssh and potentially others that, so far, do not...

CVSS 8.8, AI score 6.8, EPSS 0.00585
Exploits 0, References 6, Affected Software 1