Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10896 | 1 Canonical | 1 Cloud-init | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. | |||||
| CVE-2024-11308 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 5.5 MEDIUM |
| The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | |||||
| CVE-2024-46889 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. | |||||
| CVE-2024-20280 | 2024-10-31 | N/A | 6.3 MEDIUM | ||
| A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. | |||||
| CVE-2024-38314 | 2024-10-25 | N/A | 5.9 MEDIUM | ||
| IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. | |||||
| CVE-2024-20350 | 2024-09-26 | N/A | 7.5 HIGH | ||
| A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials. | |||||
| CVE-2024-42418 | 1 Avtecinc | 3 Outpost 0810, Outpost 0810 Firmware, Outpost Uploader Utility | 2024-09-04 | N/A | 7.5 HIGH |
| Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. | |||||
| CVE-2024-41260 | 2024-08-06 | N/A | 7.5 HIGH | ||
| A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information. | |||||