Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19753 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4. | |||||
CVE-2019-19750 | 1 Minerstat | 1 Msos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | |||||
CVE-2019-10920 | 1 Siemens | 2 Logo!8 Bm, Logo!8 Bm Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2018-10896 | 1 Canonical | 1 Cloud-init | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. | |||||
CVE-2024-11308 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 5.5 MEDIUM |
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | |||||
CVE-2024-46889 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. | |||||
CVE-2024-42418 | 1 Avtecinc | 3 Outpost 0810, Outpost 0810 Firmware, Outpost Uploader Utility | 2024-09-04 | N/A | 7.5 HIGH |
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. | |||||
CVE-2024-41260 | | | 2024-08-06 | N/A | 7.5 HIGH |
A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information. |