14823 matches found

Vulnrichment
added 2024/04/30 12:0 a.m. · 12 views

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

6.9 AI score · 0.00429 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/30 12:0 a.m. · 3 views

PT-2024-10729 · Ethos · Ethos

Name of the Vulnerable Software and Affected Versions: ethOS versions 1.3.3 and earlier Description: The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as the software ships with SSH host keys baked into the installation image. The...

9.1 CVSS · 7.1 AI score · 0.00429 EPSS
Exploits: 0 · References: 6

CVE
added 2024/04/30 12:0 a.m. · 62 views

CVE-2019-19751

CVE-2019-19751 affects easyMINE prior to 2019-12-05 where SSH host keys are baked into the installation image. This permits man-in-the-middle attacks and facilitates identifying all public IPv4 nodes via Shodan. Root cause: hard-coded SSH host keys in the installation artefact. Impact: potential ...

5.6 CVSS · 6.8 AI score · 0.00286 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/30 12:0 a.m. · 10 views

CVE-2020-5200

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

7.1 AI score · 0.00175 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/04/30 12:0 a.m. · 15 views

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

6.5 AI score · 0.00429 EPSS
Exploits: 0 · References: 2

CVE
added 2024/04/30 12:0 a.m. · 36 views

CVE-2019-19755

ethOS 1.3.3 and earlier ships with SSH host keys baked into the installation image, enabling MITM attacks and exposing all public IPv4 nodes (e.g., via Shodan). The issue is described consistently across CVE records and Red Hat/NVD/CVE listings. The vendor noted plans to fix this as of 2019-12-01...

9.1 CVSS · 6.8 AI score · 0.00429 EPSS
Exploits: 0 · References: 2

CVE
added 2024/04/30 12:0 a.m. · 47 views

CVE-2019-19753

CVE-2019-19753 affects SimpleMiningOS through v1259, where SSH host keys are baked into the installation image. This allows man-in-the-middle attacks and enables easy identification of public IPv4 nodes via Shodan.io. The Red Hat/NVD/CVE entries reiterate the same root cause and note the vendor h...

9.1 CVSS · 6.8 AI score · 0.00429 EPSS
Exploits: 0 · References: 2

CVE
added 2024/04/30 12:0 a.m. · 46 views

CVE-2019-19754

CVE-2019-19754 affects HiveOS up to version 0.6-102@191212, where SSH host keys are baked into the installation image. This enables man-in-the-middle attacks and makes identifying all public IPv4 nodes trivial via Shodan. The vulnerability is caused by non-rotatable host keys stored in the image,...

5.7 CVSS · 6.8 AI score · 0.00233 EPSS
Exploits: 0 · References: 2

CVE
added 2024/04/30 12:0 a.m. · 54 views

CVE-2019-19752

CVE-2019-19752 affects nvOC up to version 3.2, where SSH host keys are baked into the installation image. This enables man-in-the-middle attacks and could make identifying public IPv4 nodes trivial via Shodan. Public Red Hat advisory confirms the issue and notes the vendor planned a fix in the ne...

9.8 CVSS · 6.7 AI score · 0.00512 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/30 12:0 a.m. · 5 views

PT-2024-10728 · Hiveos · Hiveos

Name of the Vulnerable Software and Affected Versions: HiveOS versions 0.6-102@191212 and earlier Description: The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as SSH host keys are baked into the installation image. The vendor...

5.7 CVSS · 6.8 AI score · 0.00233 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2024/04/30 12:0 a.m. · 10 views

CVE-2019-19751

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

6.9 AI score · 0.00286 EPSS
Exploits: 0 · References: 2

OSV
added 2024/04/30 12:0 a.m. · 23 views

ALSA-2024:2504 Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

5.3 CVSS · 6.3 AI score · 0.01421 EPSS
Exploits: 0 · References: 6

AlmaLinux
added 2024/04/30 12:0 a.m. · 33 views

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

5.3 CVSS · 5.6 AI score · 0.01421 EPSS
Exploits: 0 · References: 6

OSV
added 2024/04/30 12:0 a.m. · 30 views

ALSA-2024:2246 Moderate: ansible-core bug fix, enhancement, and security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5 CVSS · 5.4 AI score · 0.00301 EPSS
Exploits: 0 · References: 4

AlmaLinux
added 2024/04/30 12:0 a.m. · 30 views

Moderate: ansible-core bug fix, enhancement, and security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5 CVSS · 5.6 AI score · 0.00301 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/04/30 12:0 a.m. · 36 views

RHEL 9 : xorg-x11-server-Xwayland (RHSA-2024:2170)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2170 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in...

9.8 CVSS · 7 AI score · 0.02106 EPSS
Exploits: 0 · References: 22

Tenable Nessus
added 2024/04/30 12:0 a.m. · 57 views

RHEL 9 : xorg-x11-server (RHSA-2024:2169)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2169 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical use...

9.8 CVSS · 7 AI score · 0.02106 EPSS
Exploits: 0 · References: 24

Tenable Nessus
added 2024/04/29 12:0 a.m. · 43 views

Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. Automatic update for golang-x-crypto-0.18.0-1.fc40. Changelog Tue Jan 9 2024 Mark E. Fuller - 0.18.0-1 - update to v0.18.0, close rhbz2255095 - CVE-2023-4879...

5.9 CVSS · 6.9 AI score · 0.93305 EPSS
Exploits: 4 · References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. · 24 views

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...

5.9 CVSS · 7 AI score · 0.93305 EPSS
Exploits: 4 · References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. · 18 views

Fedora 40 : python-asyncssh (2023-a3af7820e8)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. Automatic update for python-asyncssh-2.14.2-1.fc40. Changelog Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1 - Update to latest upstream version fixes fedora22550...

5.9 CVSS · 7 AI score · 0.93305 EPSS
Exploits: 4 · References: 2