Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : cloud-init-19.4-11.el8 (AXSA:2021-1222:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1222:01 advisory. cloud-init: Use of random.choice when generating random password CVE-2020-8631 cloud-init: Too short random password length in ccsetpassword in...

5.5CVSS7.9AI score0.00438EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.33 views

K33846344: Cloud-init vulnerabilities CVE-2020-8631 and CVE-2020-8632

Security Advisory Description CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init through 19.4,...

5.5CVSS5.3AI score0.00438EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2020-0295)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.8AI score0.00438EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2020:0751-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.00438EPSS
Exploits0References2
Amazon
Amazon
added 2021/03/20 12:0 a.m.46 views

Medium: cloud-init

Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...

5.5CVSS5.8AI score0.00438EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.28 views

NewStart CGSL MAIN 6.02 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0062)

The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for attackers to...

5.5CVSS6AI score0.00438EPSS
Exploits0References3
Amazon
Amazon
added 2021/01/07 12:0 a.m.32 views

Medium: cloud-init

Issue Overview: The default cloud-init configuration included "sshdeletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one...

7.1CVSS5.2AI score0.00438EPSS
Exploits0
CBLMariner
CBLMariner
added 2020/11/30 7:30 p.m.14 views

CVE-2020-8632 affecting package cloud-init 19.1-6

CVE-2020-8632 affecting package cloud-init 19.1-6. A patched version of the package is available...

5.5CVSS7.5AI score0.00368EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/11/04 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-2333)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.00438EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.30 views

EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for...

5.5CVSS6AI score0.00438EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.26 views

Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)

Security Fixes : - cloud-init: Use of random.choice when generating random password CVE-2020-8631 - cloud-init: Too short random password length in ccsetpassword in config/ccsetpasswords.py CVE-2020-8632 - cloud-init: default configuration disabled deletion of SSH host keys CVE-2018-10896 C Tenab...

7.1CVSS5.5AI score0.00438EPSS
Exploits0References4
Cent OS
Cent OS
added 2020/10/20 5:49 p.m.919 views

cloud security update

CentOS Errata and Security Advisory CESA-2020:3898 An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.1CVSS6.1AI score0.00438EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/09/29 8:37 p.m.55 views

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.1CVSS6.1AI score0.00438EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2020/09/29 12:0 a.m.43 views

RHEL 7 : cloud-init (RHSA-2020:3898)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization...

7.1CVSS5.9AI score0.00438EPSS
Exploits0References17
Mageia
Mageia
added 2020/07/31 11:25 p.m.30 views

Updated cloud-init packages fix security vulnerability

In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function CVE-2020-8631. In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default...

5.5CVSS4AI score0.00438EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/03/30 12:0 a.m.38 views

openSUSE Security Update : cloud-init (openSUSE-2020-400)

This update for cloud-init fixes the following security issues : - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG bsc1162937. - CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936. This update was imported from the...

5.5CVSS5.9AI score0.00438EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/03/30 12:0 a.m.23 views

openSUSE: Security Advisory for cloud-init (openSUSE-SU-2020:0400-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS6.1AI score0.00438EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/03/29 12:0 a.m.110 views

Security update for cloud-init (moderate)

openSUSE Security Update: Security update for cloud-init Announcement ID: openSUSE-SU-2020:0400-1 Rating: moderate References: 1162936 1162937 1163178 Cross-References: CVE-2020-8631 CVE-2020-8632 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata i...

5.5CVSS6.2AI score0.00438EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/03/24 12:0 a.m.33 views

SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)

This update for cloud-init fixes the following security issues : CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG bsc1162937. CVE-2020-8632: Increased the default random password length from 9 to 20 bsc1162936. Note that Tenable Network Security has...

5.5CVSS5.9AI score0.00438EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/03/23 12:0 a.m.31 views

EulerOS 2.0 SP5 : cloud-init (EulerOS-SA-2020-1304)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cloud-init through 19.4, randuserpassword in cloudinit/config/ccsetpasswords.py has a small default pwlen value, which makes it easier for...

5.5CVSS6AI score0.00438EPSS
Exploits0References3
Rows per page
Query Builder