4 matches found
CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...
Oracle Linux 7 : cloud-init (ELSA-2020-3898)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-3898 advisory. - Resolves: bz1574338 CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances rhel-7 - Resolves: bz1812170 CVE-2020-8632...
NewStart CGSL CORE 5.05 / MAIN 5.05 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0151)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys...
Debian DLA-2113-1 : cloud-init security update
CVE-2020-8631 In cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init, randuserpassword in cloudinit/config/ccsetpasswords.py has a...