Lucene search

35 matches found

OSV
added 2026/01/12 5:39 p.m. · 3 views

GO-2026-4281 Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer in github.com/harvester/harvester-installer

Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer in github.com/harvester/harvester-installer...

9.8 CVSS · 6.9 AI score · 0.00026 EPSS
Exploits 0 · References 3
CVE
added 2026/01/08 12:29 p.m. · 10 views

CVE-2025-62877

CVE-2025-62877 affects SUSE Virtualization (Harvester) where the interactive installer on Harvester 1.5.x–1.6.x may expose the OS default SSH password when creating a new cluster or adding hosts. The issue does not occur when PXE boot with the Harvester configuration is used. Affected component i...

9.8 CVSS · 6.4 AI score · 0.00026 EPSS
Exploits 0 · References 2
CVE
added 2025/10/16 6:4 a.m. · 4 views

CVE-2025-58778

CVE-2025-58778 concerns Ruijie Networks RG-EST300 devices, where an undocumented SSH server feature is enabled by default in the initial configuration. The vulnerability allows anyone with the relevant credentials to log in, potentially leading to information disclosure, unauthorized changes to s...

8.6 CVSS · 6.3 AI score · 0.00078 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-2412

Malware in sbrugna...

10 CVSS · 9.5 AI score · 0.01486 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-7914

Malware in sbrugna...

8.5 CVSS · 7.5 AI score · 0.00636 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-29151

Malicious code in bioql PyPI...

7 CVSS · 6.8 AI score · 0.00175 EPSS
Exploits 4 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24631

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00095 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 7:41 a.m. · 4 views

CVE-2024-55560

MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation...

9.8 CVSS · 7 AI score · 0.00421 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:3 a.m. · 2 views

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32 or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from...

8.5 CVSS · 7.1 AI score · 0.00636 EPSS
Exploits 0 · References 1
NVD
added 2025/05/21 1:16 p.m. · 7 views

CVE-2025-48416

An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be...

8.1 CVSS · 0.00305 EPSS
Exploits 1 · References 2
CVE
added 2024/12/08 12:0 a.m. · 42 views

CVE-2024-55560

CVE-2024-55560 affects MailCleaner versions before 28d913e, where the default SSH host keys (ssh_host_dsa_key, ssh_host_rsa_key, ssh_host_ed25519_key) persist after installation. The underlying issue is the continued presence of these default keys, which can enable unauthorized access to the devi...

9.8 CVSS · 6.7 AI score · 0.00421 EPSS
Exploits 0 · References 3
Cvelist
added 2024/12/08 12:0 a.m. · 13 views

CVE-2024-55560

MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation...

0.00421 EPSS
Exploits 0 · References 3
OSV
added 2024/07/24 3:15 p.m. · 2 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

7.2 CVSS · 6.1 AI score · 0.00114 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/07/24 12:0 a.m. · 18 views

CVE-2024-39345

AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...

7.7 AI score · 0.00114 EPSS
Exploits 0 · References 3
OSV
added 2023/06/16 8:15 p.m. · 1 views

CVE-2023-25187

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...

7 CVSS · 5.7 AI score · 0.00175 EPSS
Exploits 4 · References 3
Positive Technologies
added 2023/06/16 12:0 a.m. · 1 views

PT-2023-19968 · Nokia · Nokia Airscale Asika Single Ran

Name of the Vulnerable Software and Affected Versions: NOKIA Airscale ASIKA Single RAN devices versions prior to 21B. Description: An issue was discovered where Nokia Single RAN commissioning procedures do not change the default SSH public/private key values that are specific to a network operator...

7 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 4 · References 7
NVD
added 2020/01/21 8:15 p.m. · 5 views

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32 or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from...

8.5 CVSS · 7.5 AI score · 0.00636 EPSS
Exploits 0 · References 2
Prion
added 2020/01/21 8:15 p.m. · 4 views

Design/Logic Flaw

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32 or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from...

8.5 CVSS · 7.5 AI score · 0.00636 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2019/08/28 12:0 a.m. · 252 views

Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection

Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data. Discovered by Pedro Ribeiro from Agile Information Security...

1.1 AI score · 0.90491 EPSS
Exploits 20
NVD
added 2019/05/03 5:29 p.m. · 18 views

CVE-2019-1804

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...

10 CVSS · 9.5 AI score · 0.04104 EPSS
Exploits 0 · References 1