ssh vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-43068
Dell SmartFabric Storage Software v1.4 (and previous versions) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands.
Dell Smartfabric Storage Software
7.5
CVSSv3
CVE-2023-43809
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote malicious user to bypass public key authentication when keyboard-interactive SSH authentication is active, through ...
Charm Soft Serve
8.1
CVSSv3
CVE-2023-43660
Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The...
Warpgate Project Warpgate
9.8
CVSSv3
CVE-2023-42818
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force au...
Fit2cloud Jumpserver
9.1
CVSSv3
CVE-2023-43652
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and...
Fit2cloud Jumpserver
7.5
CVSSv3
CVE-2023-20262
A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote malicious user to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and we...
Cisco Sd-wan Vmanage 20.12
Cisco Sd-wan Vmanage
Cisco Catalyst Sd-wan Manager
8.8
CVSSv3
CVE-2023-35793
An issue exists in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.
Cassianetworks Access Controller 2.1.1.2303271039
2 Github repositories
8.8
CVSSv3
CVE-2023-43633
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows a malicious user to change the system’s configuration, ...
Lfedge Eve
7.8
CVSSv3
CVE-2023-43619
An issue exists in Croc up to and including 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
Schollz Croc
7.2
CVSSv3
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.
Technicolor Tg670 Firmware 10.5.n.9