
15 matches found

CNNVD
added 2026/05/20 12:0 a.m. · 5 views

NVIDIA DGX OS Security Vulnerability

NVIDIA DGX OS is a Linux operating system and cluster management environment for the DGX AI server platform developed by NVIDIA Corporation in the United States. NVIDIA DGX OS contains security vulnerabilities. These vulnerabilities arise from cloning base images during factory configuration...

8.1 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/14 8:22 p.m. · 2 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

8.7 CVSS · 6.9 AI score · 0.00014 EPSS
Exploits 0 · References 1
CVE
added 2026/01/13 7:27 p.m. · 7 views

CVE-2025-68703

CVE-2025-68703 affects the Jervis library used with Jenkins Job DSL and shared pipelines. Prior to version 2.2, the salt for PBKDF2 is derived from the SHA-256 hash of the passphrase, causing two encryption operations using the same password to yield the same derived key. This design enables pre-...

8.7 CVSS · 6.5 AI score · 0.00014 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2026/01/13 7:27 p.m. · 3 views

CVE-2025-68703 Jervis has a Salt for PBKDF2 derived from password

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

8.7 CVSS · 6.9 AI score · 0.00014 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/01/13 12:0 a.m. · 3 views

PT-2026-2496

Name of the Vulnerable Software and Affected Versions: Jervis versions prior to 2.2 Description: Jervis, a library for Job DSL plugin scripts and shared Jenkins pipeline libraries, is affected by an issue where the salt used in encryption is derived from the SHA256 sum of the passphrase. This means...

8.7 CVSS · 6.7 AI score · 0.00014 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2021-2147

Malware in sbrugna...

9.1 CVSS · 9.1 AI score · 0.00436 EPSS
Exploits 1 · References 8
CVE
added 2025/09/29 8:36 p.m. · 33 views

CVE-2025-34211

Vasion Print Virtual Appliance Host (pre-22.0.1049) and Application (pre-20.0.2786) store a private SSL key and its public certificate in cleartext, using the same pl-local.com key across all deployments. With container access, an attacker can read the key to decrypt TLS traffic, perform MITM, or...

9.3 CVSS · 6.2 AI score · 0.00053 EPSS
Exploits 1 · References 4 · Affected Software 2
OSV
added 2024/04/25 6:15 a.m. · 1 views

UBUNTU-CVE-2024-26924

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms...

5.9 CVSS · 6.2 AI score · 0.00159 EPSS
Exploits 0 · References 23
OSV
added 2024/04/19 4:15 a.m. · 3 views

CVE-2024-29960

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...

7.5 CVSS · 7.5 AI score · 0.00124 EPSS
Exploits 0 · References 1
SUSE CVE
added 2024/04/13 2:11 a.m. · 2 views

SUSE CVE-2024-3623

A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. Th...

6.5 CVSS · 6.2 AI score · 0.0012 EPSS
Exploits 0 · References 3
OSV
added 2022/10/31 8:15 p.m. · 3 views

CVE-2022-3499

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

6.5 CVSS · 5.8 AI score · 0.00374 EPSS
Exploits 0 · References 1
Prion
added 2022/10/31 8:15 p.m. · 15 views

Design/Logic Flaw

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

4 CVSS · 6.3 AI score · 0.00374 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2021/05/31 11:51 p.m. · 12 views

UVI-2021-1000527 Bluetooth: SMP: Fail if remote and local public keys are identical

Bluetooth: SMP: Fail if remote and local public keys are identical This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.270 by commit...

7.2 AI score
Exploits 0
CNVD
added 2020/02/10 12:0 a.m. · 2 views

Unspecified Vulnerability in TeamViewer

TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. A security vulnerability exists in TeamViewer Desktop version 14.7.1965 and prior versions, which stems from different users using the same key during installation. An...

7 CVSS · 6.8 AI score · 0.07629 EPSS
Exploits 2 · References 1
Positive Technologies
added 2015/08/23 12:0 a.m. · 4 views

PT-2015-5967 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle

Name of the Vulnerable Software and Affected Versions: Mobile Devices aka MDI C4 OBD-II dongles versions 2.x through 3.4.x Description: The issue allows remote attackers to gain access by leveraging knowledge of a private key from another installation, as the SSH private keys stored are the same...

9 CVSS · 6.8 AI score · 0.00397 EPSS
Exploits 0 · References 3