Lucene search

40 matches found

RedhatCVE
added 2025/05/22 11:18 p.m. · views: 2

CVE-2022-36909

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00315
Exploits: 0 · References: 1

CNNVD
added 2025/03/19 12:0 a.m. · views: 1

Joyent SmartOS Security Vulnerability

Joyent SmartOS is an open source UNIX-like operating system from SmartOS Open Source. A security vulnerability exists in Joyent SmartOS that stems from the presence of a static host SSH key in the 60f76fd2-143f-4f57-819b-1ae32684e81b image...

CVSS 8.3 · AI score 6.7 · EPSS 0.00126
Exploits: 0 · References: 4

CNNVD
added 2024/04/30 12:0 a.m. · views: 9

Minerbabe Security Vulnerability

Minerbabe is a graphics card mining management system from Minerbabe. A security vulnerability exists in Minerbabe V4.16 and earlier versions, which stems from an included SSH host key in the installation image, resulting in a security vulnerability...

CVSS 5.9 · AI score 6.8 · EPSS 0.00076
Exploits: 0 · References: 3

CNNVD
added 2024/04/30 12:0 a.m. · views: 2

nvOC Security Vulnerability

nvOC is a low-rate narrowband speech coding scheme from the individual developers at Payam Nab. A security vulnerability exists in nvOC 3.2 and earlier versions, which stems from the inclusion of an SSH host key in the included installation image, leading to the existence of a security...

CVSS 9.8 · AI score 6.7 · EPSS 0.0017
Exploits: 0 · References: 3

OSV
added 2023/12/25 6:15 a.m. · views: 0

CVE-2023-40236

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2023/08/03 11:15 p.m. · views: 1

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

CVSS 9.8 · AI score 6.3 · EPSS 0.17576
Exploits: 2 · References: 7

SUSE CVE
added 2023/02/15 5:36 a.m. · views: 2

SUSE CVE-2013-4436

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack...

CVSS 9.3 · AI score 7.2 · EPSS 0.00711
Exploits: 0 · References: 3

Positive Technologies
added 2022/12/23 12:0 a.m. · views: 1

PT-2022-28035 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5
Description: The issue is related to a failure to sanitize special elements, which can lead to special element injection. Specifically, in rdiffweb, the lack of sanitization of characters in SSH key names coul...

CVSS 6.6 · AI score 5.8 · EPSS 0.00339
Exploits: 1 · References: 10

ATTACKERKB
added 2022/11/02 12:15 p.m. · views: 0

CVE-2022-30307

A key management error vulnerability (CWE-320) affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man-in-the-middle attack...

CVSS 8.1 · AI score 7.2 · EPSS 0.00967
Exploits: 0 · References: 2

OSV
added 2022/09/29 3:15 a.m. · views: 0

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

ATTACKERKB
added 2022/07/20 1:15 p.m. · views: 0

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

CVSS 6.5 · AI score 6.6 · EPSS 0.00007
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/07/12 12:0 a.m. · views: 2

Siemens SICAM GridEdge Essential Security Vulnerability

SICAM GridEdge can make your existing IEC61850 devices IoT capable with just a few clicks. An access control error vulnerability exists in Siemens SICAM GridEdge, which could be exploited by an attacker with access to the file system of the host computer running SICAM GridEdge to inject a custom S...

CVSS 6.3 · AI score 5.5 · EPSS 0.00166
Exploits: 0 · References: 4

CNNVD
added 2022/06/28 12:0 a.m. · views: 1

Motorola Solutions ACE1000 Trust Management Issue Vulnerability

The Motorola Solutions ACE1000 is a Remote Terminal Unit from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version, which stems from a hard-coded SSH private key shipped with the affected product, and can be exploited by an attacker to manipulate...

CVSS 9.8 · AI score 8.3 · EPSS 0.00199
Exploits: 0 · References: 7

ATTACKERKB
added 2022/04/27 6:15 a.m. · views: 2

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

CVSS 5.5 · AI score 6.7 · EPSS 0.00099
Exploits: 0 · References: 4

RedHat Linux
added 2019/03/14 1:55 p.m. · views: 1

openstack-mistral: std.ssh action may disclose presence of arbitrary files

An information-disclosure flaw was discovered in openstack-mistral, where the SSH private key filename of a std.ssh action could be manipulated. The flaw could be exploited to determine the presence of a file path on the host executing the std.ssh action, based on the returned error message...

CVSS 7.5 · AI score 5.8 · EPSS 0.00132
Exploits: 0 · References: 4

OSV
added 2018/06/07 2:29 a.m. · views: 3

CVE-2017-16203

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVSS 7.5 · AI score 5.8 · EPSS 0.00257
Exploits: 0 · References: 1

OSV
added 2018/06/07 2:29 a.m. · views: 1

CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2018/01/11 12:0 a.m. · views: 1

Sophos XG Firewall SFOS Logging Subsystem Cross-Site Scripting Vulnerability

Sophos XG Firewall is a firewall appliance from Sophos UK. SFOS is the operating system that runs on it. Logging subsystem is one of the logging subsystems. A cross-site scripting vulnerability exists in the WAF log page of the webadmin interface of the Logging subsystem in SFOS versions prior to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00178
Exploits: 2 · References: 1

CNVD
added 2017/07/26 12:0 a.m. · views: 1

Inteno Router Information Disclosure Vulnerability

Inteno routers are wireless routers from Inteno Broadband Technologies in Sweden. A security vulnerability exists in Inteno routers, which stems from the program's failure to properly configure JUCI ACLs, which can be exploited to read and write files and add a root SSH key by sending JSON comman...

CVSS 9 · AI score 8.9 · EPSS 0.00606
Exploits: 1 · References: 1

CNVD
added 2015/06/29 12:0 a.m. · views: 3

Cisco Virtual WSA/ESA/SMA remote-support feature default SSH host key vulnerability

The Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) are products of the Cisco Corporation. Cisco WSAv is a software version of the Web Security Appliance (WSA), ESAv is a software version of the Email Security Applianc...

CVSS 4.3 · AI score 7.1 · EPSS 0.00684
Exploits: 0 · References: 1