79 matches found

CNNVD · added 2025/12/05 12:0 a.m. · 1 view

Fortra GoAnywhere MFT security vulnerability

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

CVSS 4.2 · AI score 6.6 · EPSS 0.00028
Exploits: 0 · References: 2

CVE · added 2025/09/19 6:40 p.m. · 15 views

CVE-2025-34198

CVE-2025-34198 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application where versions before 22.0.951 (Host) and 20.0.2368 (Application) include shared, hardcoded SSH host private keys (RSA, ECDSA, ED25519) embedded in the appliance image. Because the same keys are use...

CVSS 9.8 · AI score 6.4 · EPSS 0.00316
Exploits: 1 · References: 4 · Affected Software: 2

NVD · added 2025/09/18 7:15 p.m. · 2 views

CVE-2025-10650

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...

CVSS 1.8 · EPSS 0.00019
Exploits: 0 · References: 1

Fedora · added 2025/07/30 1:29 a.m. · 3 views

[SECURITY] Fedora 41 Update: cloud-init-24.2-4.fc41

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

CVSS 8.8 · AI score 7.3 · EPSS 0.0013
Exploits: 0

Fedora · added 2025/07/30 1:23 a.m. · 3 views

[SECURITY] Fedora 42 Update: cloud-init-24.2-5.fc42

Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...

CVSS 8.8 · AI score 7.3 · EPSS 0.0013
Exploits: 0

CNNVD · added 2024/10/16 12:0 a.m. · 1 view

SUSE Manager security vulnerability

SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration, and monitoring. A security vulnerability exists in SUSE Manager that stems from insecure handling of ssh keys used to boot clients, allowing a local attacke...

CVSS 6.4 · AI score 6.2 · EPSS 0.00055
Exploits: 0 · References: 2

OSV · added 2024/07/08 7:15 p.m. · 2 views

CVE-2024-6580

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading an SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...

CVSS 6.5 · AI score 7.5 · EPSS 0.89462
Exploits: 3 · References: 1

BDU FSTEC · added 2024/05/01 12:0 a.m. · 1 view

The vulnerability of software solutions for Juniper Cloud Native Router (JCNR) and Containerized Routing Protocol Daemon (cRPD) lies in the use of hard-coded host SSH keys, which allows an attacker to execute a type of “man-in-the-middle” attack.

The vulnerability of software solutions for Juniper Cloud Native Router (JCNR) and Containerized Routing Protocol Daemon (cRPD) is related to the use of hard-coded host SSH keys. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

CVSS 8.1 · AI score 5.7 · EPSS 0.00191
Exploits: 0 · References: 3 · Affected Software: 2

Positive Technologies · added 2023/12/11 12:0 a.m. · 2 views

PT-2023-25657 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2

Description: The issue allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters, specifically ...

CVSS 6.5 · AI score 6.3 · EPSS 0.0022
Exploits: 1 · References: 5

Positive Technologies · added 2023/08/29 12:0 a.m. · 3 views

PT-2023-4597 · Vmware · Vmware Aria Operations For Networks

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Networks versions 6.0 through 6.10

Description: The issue is related to an authentication bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria...

CVSS 10 · AI score 9.7 · EPSS 0.93171
Exploits: 9 · References: 109

OSV · added 2023/08/14 7:15 p.m. · 1 view

CVE-2023-28481

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

CVSS 8.8 · AI score 5.8 · EPSS 0.00081
Exploits: 1 · References: 1

CNNVD · added 2023/06/16 12:0 a.m. · 3 views

Nokia Airscale ASIKA Single RAN trust management issue vulnerability

Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B, which stems from a debugger that does not change the default SSH public/private key values specific to the network...

CVSS 7 · AI score 7 · EPSS 0.00175
Exploits: 4 · References: 6

The Hacker News · added 2023/05/31 3:44 p.m. · 5 views

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for "/nifi" o...

CVSS 10 · AI score 7.1 · EPSS 0.94454
Exploits: 43

Positive Technologies · added 2023/03/27 12:0 a.m. · 4 views

PT-2023-15772 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.10.3

Description: The issue allows for stored XSS on the SSH keys page.

Recommendations: For versions prior to 2022.10.3, update to version 2022.10.3 or later to resolve the issue...

CVSS 5.4 · AI score 5.2 · EPSS 0.00576
Exploits: 0 · References: 4

Positive Technologies · added 2023/01/12 12:0 a.m. · 4 views

PT-2023-10639 · Rapid7 · Nexpose +1

Name of the Vulnerable Software and Affected Versions:
Nexpose virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017
InsightVM virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017

Description: The issue concerns Nexpose and InsightVM virtual...

CVSS 7.7 · AI score 7.2 · EPSS 0.0023
Exploits: 0 · References: 4

OSV · added 2023/01/11 9:15 p.m. · 0 views

UBUNTU-CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned...

CVSS 5.9 · AI score 6.1 · EPSS 0.00149
Exploits: 0 · References: 4

CNNVD · added 2022/12/27 12:0 a.m. · 3 views

Rdiffweb security vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a failure to trigger a notification for sensiti...

CVSS 9.8 · AI score 6.5 · EPSS 0.00422
Exploits: 1 · References: 3

BDU FSTEC · added 2022/12/24 12:0 a.m. · 1 view

The vulnerability of the CPE WAN Management Protocol (TR-069) software implementation for centralized device management in the Zyxel Cloud network, enabled by SecuManager, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CPE WAN Management Protocol (TR-069) software for centralized device management in the Zyxel Cloud environment is related to the use of strictly encrypted credentials during the processing of SSH keys. The exploit allows an attacker to gain unauthorized access to protected...

CVSS 7.8 · AI score 7.2 · EPSS 0.00151
Exploits: 1 · References: 3 · Affected Software: 1

BDU FSTEC · added 2022/12/09 12:0 a.m. · 2 views

The vulnerability of the luci-mod-system web interface of the LuCI configuration tool in the embedded operating system OpenWrt allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Luci-mod-system web interface configuration module in the embedded operating system OpenWrt is related to the lack of protection for the web page structure during the processing of SSH keys from the /etc/dropbear/authorizedkeys file. Exploiting this vulnerability allows a...

CVSS 6.4 · AI score 5.7 · EPSS 0.00224
Exploits: 1 · References: 4

CNNVD · added 2022/08/10 12:0 a.m. · 1 view

JetBrains TeamCity log information disclosure vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

CVSS 5.3 · AI score 5.9 · EPSS 0.00004
Exploits: 0 · References: 2