PHOENIX CONTACT FL SWITCH 安全漏洞

PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT FL SWITCH versions prior to 3.50, which stems from the SSH feature that allows the execution of commands that may result in degraded performance of...

PT-2025-49812

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

GO-2025-4181 step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates

step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates...

CVE-2025-27020 Improper configuration of SSH service in Infinera MTC-9

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-27020 Improper configuration of SSH service in Infinera MTC-9

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

EUVD-2025-201700

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0...

Infinera MTC-9 安全漏洞

Infinera MTC-9 is a modular controller from Infinera USA. A security vulnerability exists in Infinera MTC-9 version R22.1.1.0275 through versions prior to R23.0, which stems from a misconfiguration of the SSH service that could result in the execution of arbitrary commands and access to file syst...

Firebird SQL Detection Consolidation

Consolidation of Firebird SQL detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

Characterizing Large-Scale Adversarial Activities through Large-Scale Honey-Nets

The increasing sophistication of cyber threats demands novel approaches to characterize adversarial strategies, particularly those targeting critical infrastructure and IoT ecosystems. This paper presents a longitudinal analysis of attacker behavior using HoneyTrap, an adaptive honeypot framework...

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVE-2025-8148

CVE-2025-8148 concerns Fortra’s GoAnywhere MFT; all connected sources describe an improper access control in the SFTP service for versions prior to 7.9.0. Web users who have an Authentication Alias and a valid SSH key but are restricted to password authentication can still log in using their SSH ...

Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM

Summary Multiple vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF02 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

PT-2025-49314

Name of the Vulnerable Software and Affected Versions GoAnywhere MFT versions prior to 7.9.0 Description An improper access control exists in the SFTP service. This affects web users who have an authentication alias and a valid SSH key, but are limited to password authentication for SFTP. These...

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

OPENSUSE-SU-2025:20138-1 Security update for act

This update for act fixes the following issues: - CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent client when receiving unexpected message types for key listing or signing requests boo1253608...

CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...