
625 matches found

Gitee
added 2025/07/27 3:38 a.m. | 88 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...

CVSS 7.8 | AI score 6.8 | EPSS 0.70721
Exploits: 7
RedHat Linux
added 2025/07/16 4:11 a.m. | 4 views

Important: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2
AlmaLinux
added 2025/07/16 12:0 a.m. | 6 views

Important: cloud-init security update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...

CVSS 8.8 | AI score 6.1 | EPSS 0.00205
Exploits: 0 | References: 4
Tenable Nessus
added 2025/07/16 12:0 a.m. | 6 views

RHEL 8 : cloud-init (RHSA-2025:11324)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11324 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

CVSS 8.8 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 4
AlmaLinux
added 2025/07/14 12:0 a.m. | 5 views

Important: cloud-init security update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw CVE-2024-6174 For more...

CVSS 8.8 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 4
Snyk
added 2025/07/09 3:29 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...

CVSS 8.8 | AI score 7.7 | EPSS 0.00647
Exploits: 1 | References: 2
Snyk
added 2025/07/03 2:22 p.m. | 3 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the fileUploadHandler process. An attacker can write arbitrary files to the filesystem by supplying crafted values to the fc.Name parameter, which is not properly sanitized, allowing directory traversal. This c...

CVSS 8.6 | AI score 8.3
Exploits: 0 | References: 2
OSV
added 2025/06/10 5:17 p.m. | 4 views

CVE-2023-29184

An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests...

CVSS 2.3 | AI score 5.8
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:18 a.m. | 6 views

CVE-2024-29960

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...

CVSS 7.5 | AI score 6.9 | EPSS 0.0031
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 8:18 a.m. | 6 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 7.5 | AI score 6.8 | EPSS 0.00612
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 7:41 a.m. | 8 views

CVE-2024-55560

MailCleaner before 28d913e has default values of sshhostdsakey, sshhostrsakey, and sshhosted25519key that persist after installation...

CVSS 9.8 | AI score 7 | EPSS 0.00562
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:29 a.m. | 9 views

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible...

CVSS 5.4 | AI score 5.8 | EPSS 0.6796
Exploits: 0
RedhatCVE
added 2025/05/22 9:50 p.m. | 6 views

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

CVSS 9.8 | AI score 7.4 | EPSS 0.01133
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:31 a.m. | 7 views

CVE-2019-14926

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with...

CVSS 9.8 | AI score 7.3 | EPSS 0.02085
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:10 a.m. | 7 views

CVE-2019-19755

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this...

CVSS 9.1 | AI score 6.9 | EPSS 0.00429
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:3 a.m. | 7 views

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32 or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from...

CVSS 8.5 | AI score 7.1 | EPSS 0.0105
Exploits: 0 | References: 1
Vulnrichment
added 2025/04/10 11:20 a.m. | 8 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

AI score 9.3 | EPSS 0.00411
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/22 12:30 p.m. | 8 views

CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...

CVSS 7.5 | AI score 7.7 | EPSS 0.0139
Exploits: 1 | References: 1
RedhatCVE
added 2025/03/21 12:18 a.m. | 15 views

CVE-2025-30234

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image a Debian 12 LX zone image from 2024-07-26...

CVSS 8.3 | AI score 7 | EPSS 0.00247
Exploits: 0 | References: 1
NVD
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...

CVSS 7.5 | EPSS 0.0139
Exploits: 1 | References: 1