CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases...

JetBrains TeamCity 日志信息泄露漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

CVE-2022-32985

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201...

The vulnerability of the SSH key import function in multifunctional measuring devices SICAM GridEdge Essential ARM (6MD7881-2AA30), SICAM GridEdge Essential Intel (6MD7881-2AA40), SICAM GridEdge Essential Intel (6MD7881-2AA40), and SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) allows a hacker to execute arbitrary code.

The vulnerability of the SSH key import function in SICAM GridEdge Essential ARM 6MD7881-2AA30, SICAM GridEdge Essential Intel 6MD7881-2AA40, SICAM GridEdge Essential Intel 6MD7881-2AA40, and SICAM GridEdge Essential with GDS Intel 6MD7881-2AA20 devices relates to the disclosure of information in...

Schneider Electric Easergy P5 加密问题漏洞

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. A vulnerability in encryption issues exists in Schneider Electric Easergy P5 V01.401.102 and prior versions, which stems from the use of a corrupted or risky encrypti...

CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...

Siemens SICAM GridEdge Essential 安全漏洞

SICAM GridEdge can make your existing IEC61850 devices IoT capable with just a few clicks.An access control error vulnerability exists in Siemens SICAM GridEdge, which could be exploited by an attacker with access to the file system of the host computer running SICAM GridEdge to inject a custom S...

The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.

The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the SEPCOS Single Package software for the Secheron SEPCOS control and protection relay allows a hacker to elevate their privileges to the level of a superuser.

The vulnerability of the SEPCOS Single Package control and protection relay software is related to weak password requirements. Exploiting this vulnerability could allow a malicious actor to elevate their privileges to superuser status through the open TCP port for SSH...

CLSA-2022-1656961923 Fixed CVE-2022-27782 in curl

CVE-2022-27782: add missing checks of ssl and ssh options during matching a connection for reuse...

CLSA-2022-1656961578 Fixed CVE-2022-27782 in curl

CVE-2022-27782: add missing checks of ssl and ssh options during matching a connection for reuse...

curl: TLS and SSH connection too eager reuse

A vulnerability was found in curl. This issue occurs because curl can reuse a previously created connection even when a TLS or SSH-related option is changed that should have prohibited reuse. This flaw leads to an authentication bypass, either by mistake or by a malicious actor...

Emerson DeltaV Distributed Control System 信任管理问题漏洞

Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a trust...

Motorola Solutions ACE1000 信任管理问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version, which stems from a hard-coded SSH private key shipped with the affected product, and can be exploited by an attacker to manipulate...

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit RTU from Motorola Solutions USA. The Motorola Solutions ACE1000 RTU is vulnerable to a data forgery issue, which arises from an attacker communicating with the Motorola ACE1000 RTU via SSH or Web UI, who could push a malicious firmware imag...

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...