CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script. The vulnerability enables attackers to inject JavaScript via posted parameters (e.g., BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1,...

EUVD-2025-6719

Malicious code in bioql PyPI...

CVE-2025-30234

SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image a Debian 12 LX zone image from 2024-07-26...

Joyent SmartOS 安全漏洞

Joyent SmartOS is an open source UNIX-like operating system from SmartOS Open Source. A security vulnerability exists in Joyent SmartOS that stems from the presence of a static host SSH key in the 60f76fd2-143f-4f57-819b-1ae32684e81b image...

CVE-2024-20350

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

PT-2024-6439 · Cisco · Cisco Catalyst Center

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center versions affected versions not specified Description: A vulnerability in the SSH server could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This issue is due to the presence ...

Cisco Catalyst Center 安全漏洞

Cisco Catalyst Center Cisco DNA Center is a network management system from Cisco USA. A security vulnerability exists in Cisco Catalyst Center that stems from the use of a static SSH host key...

CVE-2023-6482 Encryption key derived from static host information

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...

CVE-2023-37426 Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...

The vulnerability of the authentication mechanism of Cisco Umbrella security cloud service allows a attacker to carry out a “man-in-the-middle” attack.

The vulnerability of the Cisco Umbrella security cloud service authentication mechanism is related to the use of a static host SSH key. Exploiting this vulnerability allows an attacker to carry out a “man-in-the-middle” attack...

Cisco Umbrella 信任管理问题漏洞

Cisco Umbrella is a suite of cloud security platforms from Cisco. The platform prevents cyber threats such as phishing, malware and ransomware. A security vulnerability exists in the Cisco Umbrella Virtual Appliance VA that stems from the presence of a static SSH host key. An attacker could explo...

The vulnerability of Cisco RV320 and Cisco RV325 microprogrammed software lies in the presence of a hard-coded pair of open/closed key H.509 certificates and a static SSH host key, which allows an attacker to elevate their privileges.

The vulnerability of Cisco RV320 and Cisco RV325 router microprogramming software is related to the presence of a tightly encrypted pair of open/closed keys H.509 certificate and a static SSH host key. Exploiting this vulnerability allows an attacker operating remotely to enhance their privileges...

No-IP Windows Dynamic Update Client Detection

The No-IP Windows dynamic update client is installed on the remote Windows host. This software is intended to map a dynamic IP address, such as those found on a residential broadband or dialup connection, to a static host name, such as www.example.com. It can also be abused to host unsanctioned...