Virtuozzo Hybrid Server 7.5 Update 7 Hotfix 1 (7.5.7-151)
Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 7 provides new features, as well as stability and usability bug fixes. Vulnerability id: PSBM-159866 Fixed an issue with the 'c2v-convert' tool failing while creating a filesystem for a virtual machine's disk. Vulnerability id: PSBM-159824 The...
forgejo -- multiple vulnerabilities
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
forgejo -- unauthorized user impersonation
Problem Description: When Forgejo is configured to run the internal ssh server with server.START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate."...
GHSA-V778-237X-GJRC Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate."...
CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
CVE-2024-12286
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials...
CVE-2024-12286 MOBATIME Network Master Clock has a use of default credentials vulnerability
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials...
CVE-2024-12286
CVE-2024-12286 affects the MOBATIME Network Master Clock – DTS 4801. The issue is use of default SSH credentials that allow attackers to gain initial access over the network. Exploitation could enable full OS control with high impact on confidentiality, integrity, and availability (per ICS/CTI as...
CVE-2024-55560
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation...
CVE-2024-55560
CVE-2024-55560 affects MailCleaner versions before 28d913e, where the default SSH host keys (ssh_host_dsa_key, ssh_host_rsa_key, ssh_host_ed25519_key) persist after installation. The underlying issue is the continued presence of these default keys, which can enable unauthorized access to the devi...
OESA-2024-2511 ansible security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
OESA-2024-2510 ansible security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Moxa EDR-G903 Series Routers EDR Cryptographic Issues (CVE-2012-4694)
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation...
CVE-2024-11983
Certain models of routers from Billion Electric have an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device...
CVE-2024-11983 Billion Electric router - OS Command Injection
Certain models of routers from Billion Electric have an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device...