Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssh vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-28913
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to ...
Bab-technologie Eibport Firmware
9.8
CVSSv3
CVE-2021-28909
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated malicious users to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and p...
Bab-technologie Eibport Firmware
9.8
CVSSv3
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware
9.8
CVSSv3
CVE-2021-39615
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain acc...
Dlink Dsr-500n Firmware 1.02
9.8
CVSSv3
CVE-2021-38173
Btrbk prior to 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
Digint Btrbk
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later)...
Akkadianlabs Ova Appliance
Akkadianlabs Provisioning Manager
9.8
CVSSv3
CVE-2021-31800
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket up to and including 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary...
Secureauth Impacket
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
1 Github repository
9.8
CVSSv3
CVE-2020-21995
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Inim Smartliving 505 Firmware
Inim Smartliving 515 Firmware
Inim Smartliving 1050 Firmware
Inim Smartliving 1050g3 Firmware
Inim Smartliving 10100l Firmware
Inim Smartliving 10100lg3 Firmware
9.8
CVSSv3
CVE-2021-28123
Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 up to and including 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.
Cohesity Cohesity Dataplatform
9.8
CVSSv3
CVE-2021-3197
An issue exists in SaltStack Salt prior to 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »