Vulmon
ssh vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-21502
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them acces...
Dell Emc Powerscale Onefs 9.0.0
Dell Emc Powerscale Onefs 8.1.0
Dell Emc Powerscale Onefs 8.1.1
Dell Emc Powerscale Onefs 8.2.0
Dell Emc Powerscale Onefs 8.2.1
Dell Emc Powerscale Onefs 8.1.2
Dell Emc Powerscale Onefs 8.2.2
Dell Emc Powerscale Onefs 9.1.0
9.8
CVSSv3
CVE-2020-15833
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
Mofinetwork Mofi4500-4gxelte Firmware 4.1.5-std
9.8
CVSSv3
CVE-2020-10210
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.
Amino Ak45x Firmware -
Amino Ak5xx Firmware -
Amino Ak65x Firmware -
Amino Aria6xx Firmware -
Amino Aria7xx Firmware -
Amino Kami7b Firmware -
9.8
CVSSv3
CVE-2020-25196
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
Moxa Nport Iaw5000a-i/o Firmware
9.8
CVSSv3
CVE-2020-29583
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin p...
Zyxel Usg20-vpn Firmware 4.60
Zyxel Usg20w-vpn Firmware 4.60
Zyxel Usg40 Firmware 4.60
Zyxel Usg40w Firmware 4.60
Zyxel Usg60 Firmware 4.60
Zyxel Usg60w Firmware 4.60
Zyxel Usg110 Firmware 4.60
Zyxel Usg210 Firmware 4.60
Zyxel Usg310 Firmware 4.60
Zyxel Usg1100 Firmware 4.60
Zyxel Usg1900 Firmware 4.60
Zyxel Usg2200 Firmware 4.60
Zyxel Zywall110 Firmware 4.60
Zyxel Zywall310 Firmware 4.60
Zyxel Zywall1100 Firmware 4.60
2 Github repositories
9.8
CVSSv3
CVE-2020-20184
GateOne allows remote malicious users to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.
Liftoffsoftware Gateone -
9.8
CVSSv3
CVE-2020-26201
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows a malicious user to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
Askey Ap5100w Firmware
9.8
CVSSv3
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25,...
Barco Wepresent Wipg-1600w Firmware 2.4.1.19
Barco Wepresent Wipg-1600w Firmware 2.5.0.24
Barco Wepresent Wipg-1600w Firmware 2.5.0.25
Barco Wepresent Wipg-1600w Firmware 2.5.1.8
9.8
CVSSv3
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article