2248 matches found

RedHat Linux
added 2020/07/21 3:33 p.m., 2 views

cloud-init: default configuration disabled deletion of SSH host keys

The default cloud-init configuration included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct...

CVSS 7.1 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 4

CNVD
added 2020/07/17 12:0 a.m., 2 views

Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.

VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...

AI score 7.6
Exploits 0

BDU FSTEC
added 2020/06/30 12:0 a.m., 2 views

The vulnerability of the update service for microprogramming software of Cisco TelePresence Collaboration Endpoint Software and the Cisco RoomOS operating system allows a hacker to modify the file system, trigger a service failure, or gain privileged access to the root file system.

The vulnerability of the software update service for Cisco TelePresence Collaboration Endpoint Software and the operating system Cisco RoomOS exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability can allow...

CVSS 9 | AI score 7 | EPSS 0.02074
Exploits 0 | References 3 | Affected Software 1

OSV
added 2020/06/18 3:15 a.m., 2 views

CVE-2020-3336

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...

CVSS 7.2 | AI score 5.8 | EPSS 0.02074
Exploits 0 | References 1

Prion
added 2020/06/18 3:15 a.m., 22 views

Input validation

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...

CVSS 9 | AI score 7 | EPSS 0.02074
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/06/12 9:15 a.m., 1 view

CVE-2020-3929

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages...

CVSS 5.9 | AI score 6.4 | EPSS 0.00507
Exploits 0 | References 1

BDU FSTEC
added 2020/06/10 12:0 a.m., 1 view

The vulnerability of the SSH Secure Shell server of the Cisco IOS operating system, which allows a hacker to trigger a maintenance failure.

The vulnerability of the Cisco IOS operating system’s Secure Shell server is related to state management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.7 | AI score 7.2 | EPSS 0.01717
Exploits 0 | References 3

CNVD
added 2020/06/04 12:0 a.m., 1 view

Cisco IOS and IOS XE Denial of Service Vulnerability (CNVD-2020-31826)

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A security vulnerability exists in the Secure Shell (SSH) server code in Cisco IOS Software and Cisco IOS XE Software, which stems from the SSH state machine not properly representing internal state. An...

CVSS 7.7 | AI score 6.9 | EPSS 0.01717
Exploits 0

Cvelist
added 2020/06/03 5:45 p.m., 21 views

CVE-2020-3200 Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which...

CVSS 7.7 | AI score 7.4 | EPSS 0.01717
Exploits 0 | References 1

Cisco
added 2020/06/03 4:0 p.m., 79 views

Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which...

CVSS 7.7 | AI score 1.2 | EPSS 0.01717
Exploits 0 | References 1

OSV
added 2020/05/13 1:15 p.m., 2 views

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

CVSS 9.8 | AI score 7.6 | EPSS 0.03456
Exploits 0 | References 4

CNVD
added 2020/05/07 12:0 a.m., 3 views

CloudBees Jenkins Amazon EC2 Plugin Man-in-the-Middle Attack Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. Amazon EC2 Plugin is used in which an EC2 connection agen...

CVSS 6.8 | AI score 7 | EPSS 0.00694
Exploits 0 | References 1

Tenable Nessus
added 2020/04/30 12:0 a.m., 25 views

F5 Networks BIG-IP : F5 secure shell vulnerability (K03585731)

A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. (CVE-2020-5873) Impact: An authenticated user with Resource Administrator role can...

CVSS 7.2 | AI score 7.1 | EPSS 0.01386
Exploits 0 | References 2

CNVD
added 2020/04/24 12:0 a.m., 8 views

Ntop nDPI Input Validation Error Vulnerability

Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. An input validation error vulnerability exists in the SSH protocol parser in Ntop nDPI 3.2 Stable and prior versions, which can be exploited by attackers to execute code or perform network traffic analysis...

CVSS 9.8 | AI score 7.5 | EPSS 0.03302
Exploits 1 | References 1

OSV
added 2020/04/23 3:15 p.m., 4 views

DEBIAN-CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

CVSS 9.8 | AI score 8.7 | EPSS 0.03302
Exploits 1 | References 1

CNVD
added 2020/04/22 12:0 a.m., 1 view

Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25367)

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions, which stems from an empty password for the root account. The vulnerability can be exploited by an attacker to gain full remote access with the help of the...

CVSS 9.8 | AI score 7.3 | EPSS 0.02017
Exploits 0 | References 1

OSV
added 2020/04/21 1:15 p.m., 1 view

CVE-2020-11965

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...

CVSS 9.8 | AI score 7.3 | EPSS 0.02017
Exploits 0 | References 4

VulnCheck KEV
added 2020/04/10 12:0 a.m., 4 views

VulnCheck KEV: CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVSS 5.7 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 1

OSV
added 2020/04/08 6:15 p.m., 4 views

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, ...

CVSS 6.8 | AI score 6.8 | EPSS 0.00549
Exploits 1 | References 3

BDU FSTEC
added 2020/03/26 12:0 a.m., 4 views

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik allows a hacker to cause a service failure.

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik routers is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by using system calls like connect and write...

CVSS 7.8 | AI score 7.2 | EPSS 0.02594
Exploits 1 | References 3 | Affected Software 1