85 matches found

CNNVD
added 2025/12/18 12:00 a.m., 1 view

Freedombox Security Vulnerability

Freedombox is a Debian-based freeware home server operating system. A security vulnerability exists in Freedombox versions prior to 25.17.1 that stems from improperly set permissions on the backup data directory, which could result in database dump files being read...

CVSS 3.2 | AI score 6.4 | EPSS 0.00018
Exploits 0 | References 1

CNVD
added 2025/11/20 12:00 a.m., 1 view

Dell SmartFabric OS10 Software Code Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a code injection vulnerability that can be exploited by an attacker to cause code execution...

CVSS 6.7 | AI score 7.9 | EPSS 0.00022
Exploits 0 | References 1

CNVD
added 2025/11/20 12:00 a.m., 2 views

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that can be exploited by an attacker to cause code execution...

CVSS 8.8 | AI score 8.2 | EPSS 0.00096
Exploits 0 | References 1

CNNVD
added 2025/11/12 12:00 a.m., 0 views

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that originates from improper neutralization of special elements in commands, which can be exploited by an attacker to cause comman...

CVSS 8.8 | AI score 7.4 | EPSS 0.00096
Exploits 0 | References 1

CNNVD
added 2025/11/12 12:00 a.m., 1 view

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that can be exploited by an attacker to cause code execution...

CVSS 8.8 | AI score 7.8 | EPSS 0.00096
Exploits 0 | References 1

Tenable Nessus
added 2025/08/12 12:00 a.m., 2 views

Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse

According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...

CVSS 9.1 | AI score 5.5 | EPSS 0.00162
Exploits 0 | References 2

Tenable Nessus
added 2025/08/12 12:00 a.m., 4 views

Jenkins ssh-slave Docker Image SSH Host Key Reuse

According to their self-reported version numbers, the jenkins/ssh-slave docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-slave Docker images, SSH host keys are generated on image creation for images based on Debian, causing all...

CVSS 9.1 | AI score 5.5 | EPSS 0.00162
Exploits 0 | References 2

Vulnrichment
added 2025/04/10 11:21 a.m., 7 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

AI score 9.3 | EPSS 0.00162
Exploits 0 | References 1

AlpineLinux
added 2025/04/10 11:20 a.m., 1 view

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVSS 9.1 | AI score 7.2 | EPSS 0.00162
Exploits 0 | References 1

RedhatCVE
added 2025/04/02 1:34 a.m., 13 views

CVE-2025-30095

VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...

CVSS 9 | AI score 7.1 | EPSS 0.00405
Exploits 0 | References 1

NVD
added 2025/03/31 3:15 p.m., 9 views

CVE-2025-30095

VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...

CVSS 9 | EPSS 0.00405
Exploits 0 | References 5

CVE
added 2025/03/31 12:00 a.m., 104 views

CVE-2025-30095

CVE-2025-30095 affects VyOS 1.3–1.5 (fixed in 1.4.2) and can also impact any Debian-based system using Dropbear with live-build due to identical Dropbear private host keys across installations. This enables active man-in-the-middle attacks on SSH if Dropbear is used as the SSH daemon; VyOS’s cons...

CVSS 9 | AI score 6.4 | EPSS 0.00405
Exploits 0 | References 5

Positive Technologies
added 2025/03/31 12:00 a.m., 1 view

PT-2025-13781 · Vyos +2

Name of the Vulnerable Software and Affected Versions: VyOS versions 1.3 through 1.5. Description: The issue allows an attacker to conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon, due to the same Dropbear private host keys being used across...

CVSS 9 | AI score 6.5 | EPSS 0.00405
Exploits 0 | References 12

Vulnrichment
added 2025/03/31 12:00 a.m., 5 views

CVE-2025-30095

VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...

CVSS 9 | AI score 9 | EPSS 0.00405
Exploits 0 | References 5

CNNVD
added 2024/07/29 12:00 a.m., 2 views

RaspAP Security Vulnerability

RaspAP is an open source application for simple wireless AP setup and management on Debian-based devices. A security vulnerability exists in RaspAP versions prior to 3.1.5 that allows an attacker to elevate privileges...

CVSS 8.3 | AI score 6.7 | EPSS 0.00262
Exploits 0 | References 3

Talos
added 2023/10/12 12:00 a.m., 15 views

SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1736: SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability. October 12, 2023. CVE Number: CVE-2023-22325. SUMMARY: A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta,...

CVSS 5.9 | AI score 6 | EPSS 0.00241
Exploits 1

Metasploit
added 2023/08/15 7:50 p.m., 243 views

RaspAP Unauthenticated Command Injection

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

CVSS 9.8 | AI score 9 | EPSS 0.93057
Exploits 3

Packet Storm
added 2023/08/15 12:00 a.m., 373 views

RaspAP 2.8.7 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...

CVSS 9.8 | AI score 7.1 | EPSS 0.93057
Exploits 3

0day.today
added 2023/08/15 12:00 a.m., 401 views

RaspAP 2.8.7 Unauthenticated Command Injection Exploit

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

CVSS 9.8 | AI score 8.3 | EPSS 0.93057
Exploits 3

Exploit DB
added 2023/05/25 12:00 a.m., 384 views

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

CVSS 5.4 | AI score 5.5 | EPSS 0.0286
Exploits 7