2249 matches found

Positive Technologies
added 2025/09/02 12:0 a.m., 5 views

PT-2025-35557

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control firmware version prior to 2.31F01 contains a hidden API call within the application services that enables SSH and Shellinabox. These services exist b...

CVSS 6.9, AI score 6.4, EPSS 0.00328
Exploits: 0, References: 4

Tenable Nessus
added 2025/09/02 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-17361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker...

CVSS 9.8, AI score 8.7, EPSS 0.15106
Exploits: 0, References: 2

RedhatCVE
added 2025/08/30 6:21 p.m., 6 views

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

CVSS 8.4, AI score 7, EPSS 0.00158
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-10242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data...

CVSS 7.5, AI score 8, EPSS 0.01562
Exploits: 0, References: 2

OSV
added 2025/08/29 3:30 p.m., 2 views

GHSA-694P-3FXC-M92H AiondaDotCom mcp-ssh command injection vulnerability in SSH operations

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

CVSS 6.3, AI score 7.2, EPSS 0.01349
Exploits: 0, References: 7

OSV
added 2025/08/29 11:18 a.m., 5 views

OESA-2025-2092 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

CVSS 7.5, AI score 6.9, EPSS 0.00868
Exploits: 0, References: 2

GithubExploit
added 2025/08/28 3:1 p.m., 162 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 – Erlang/OTP SSH RCE Vulnerability 📌 Summary...

CVSS 10, AI score 8.3, EPSS 0.97673
Exploits: 36

IBM Security Bulletins
added 2025/08/27 6:47 p.m., 8 views

Security Bulletin: Vulnerability in SSH authorization affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in SSH authorization affects IBM Storage Virtualize products and could allow privilege escalation. CVE-2025-36120. Vulnerability Details CVEID:CVE-2025-36120 DESCRIPTION: IBM Storage Virtualize could allow an authenticated user to escalate their privileges in an SSH sessio...

CVSS 8.8, AI score 6.5, EPSS 0.00276
Exploits: 0, Affected Software: 7

Tenable Nessus
added 2025/08/27 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-17459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL wit...

CVSS 10, AI score 7.4, EPSS 0.77823
Exploits: 10, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-46445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a Rogue Extension...

CVSS 5.9, AI score 6.5, EPSS 0.00586
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-27022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should...

CVSS 4.9, AI score 5.3, EPSS 0.0088
Exploits: 0, References: 2

NVD
added 2025/08/26 2:15 p.m., 4 views

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

CVSS 8.4, EPSS 0.00158
Exploits: 0, References: 3

Cvelist
added 2025/08/26 12:0 a.m., 9 views

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

EPSS 0.00158
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/26 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-27782

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps...

CVSS 7.5, AI score 6.5, EPSS 0.02596
Exploits: 1, References: 2

SUSE CVE
added 2025/08/25 11:34 p.m., 3 views

SUSE CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values (where OpenSSL uses 0 to indicate failure and libssh uses 0 for success), the function may mistakenl...

CVSS 7.1, AI score 7, EPSS 0.00407
Exploits: 0, References: 10

Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-7749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customiz...

CVSS 9.8, AI score 8.2, EPSS 0.0178
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-12976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated...

CVSS 10, AI score 7.5, EPSS 0.77823
Exploits: 12, References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-12426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab Community Edition CE and Enterprise Edition EE before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4...

CVSS 8.8, AI score 8.4, EPSS 0.0354
Exploits: 1, References: 2

The Hacker News
added 2025/08/24 1:38 p.m., 5 views

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and passwo...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2025/08/24 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-18594

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n...

CVSS 7.5, AI score 6.7, EPSS 0.03164
Exploits: 1, References: 2