CVE-2020-26201

Askey AP5100WDualSIG1.01.097 and all prior versions use a weak password at the Operating System rlx-linux level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH...

CVE-2020-2185

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...

CVE-2020-20184

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection...

CVE-2020-15312

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account...

CVE-2020-15313

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account...

CVE-2020-2146

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

CVE-2020-15314

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account...

CVE-2020-15317

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree...

CVE-2020-15318

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree...

CVE-2020-5763

Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt...

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...

CVE-2020-24359

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-16259

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user...

CVE-2020-15316

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree...

CVE-2014-8529

McAfee Network Data Loss Prevention NDLP before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2010-5294

Multiple cross-site scripting XSS vulnerabilities in the requestfilesystemcredentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a 1 FTP or 2 SSH connection attempt...

CVE-2012-4898

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...

CVE-2017-20083

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and...

CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...