PT-2026-6354

Impact On boot, the Pillar container checks for /config/authorized keys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device ...

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVE-2025-59105

CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...

PT-2026-4755

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVE-2021-28914

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access...

CVE-2021-28909

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SS...

CVE-2021-28911

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data e.g. device serial number. Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part...

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

EUVD-2019-5545

Malware in sbrugna...

EUVD-2021-15562

Malware in sbrugna...

EUVD-2021-15564

Malware in sbrugna...

EUVD-2021-15566

Malware in sbrugna...

EUVD-2015-4239

Malware in sbrugna...

EUVD-2024-27418

Malicious code in bioql PyPI...

CVE-2024-21653

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

PT-2025-20304 · F5 · F5Os

Name of the Vulnerable Software and Affected Versions: F5OS affected versions not specified Description: The issue allows access via SSH key-based authentication even after Appliance Mode is enabled, if the root user had previously configured the system to allow such login. An attacker would need...

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by an OpenSSH security vulnerability (CVE-2024-6387)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in OpenSSH which could allow a remote attacker to execute arbitrary commands on the system with root privileges CVE-2024-6387. Vulnerability Details CVEID: CVE-2024-6387 Description: OpenSSH could allow a remote...

Unspecified Vulnerability in D-Link DWR-M972V

The D-Link DWR-M972V is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DWR-M972V version 1.05SSG, which can be exploited by remote attackers to execute arbitrary code via SSH using the root account without restriction...

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...