EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2025-2408)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2025-2189)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2024-11584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it...

Linux Distros Unpatched Vulnerability : CVE-2020-8631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in...

Oracle Linux 8 : cloud-init (ELSA-2025-11324)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-11324 advisory. 23.4-7.0.2.el810.10 - Fixes regression in cloud-init with module ccwritefilesdeferred Orabug: 37382965 - Update IPv6 IMDS endpoint to ULA and drop NIC identifi...

Azure Linux 3.0 Security Update: cloud-init (CVE-2024-11584)

The version of cloud-init installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11584 advisory. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default...

CVE-2024-6174 affecting package cloud-init for versions less than 24.3.1-2

CVE-2024-6174 affecting package cloud-init for versions less than 24.3.1-2. A patched version of the package is available...

cloud-init: Cloud init permissions flaw

An access permissions flaw was found in cloud-init. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address, which creates a security exposure...

CBL Mariner 2.0 Security Update: cloud-init (CVE-2024-11584)

The version of cloud-init installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11584 advisory. - cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default...

CBL Mariner 2.0 Security Update: cloud-init (CVE-2024-6174)

The version of cloud-init installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6174 advisory. - When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP...

CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7

CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7. A patched version of the package is available...

Amazon Linux 2023 : cloud-init, cloud-init-cfg-ec2, cloud-init-cfg-onprem (ALAS2023-2025-1082)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1082 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration...

Amazon Linux 2 : cloud-init (ALAS-2025-2926)

The version of cloud-init installed on the remote host is prior to 19.3-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2926 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

PT-2025-26944

Name of the Vulnerable Software and Affected Versions: cloud-init affected versions not specified Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable...

NewStart CGSL MAIN 7.02 : cloud-init Vulnerability (NS-SA-2025-0074)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by a vulnerability: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...