2248 matches found

RedhatCVE
added 2025/10/31 8:13 a.m. | 3 views

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7 CVSS | 7.1 AI score | 0.00113 EPSS
Exploits: 0 | References: 1
Fedora
added 2025/10/31 12:55 a.m. | 6 views

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

7.5 CVSS | 7 AI score | 0.00261 EPSS
Exploits: 0
RedhatCVE
added 2025/10/30 11:19 p.m. | 4 views

CVE-2025-54546

On affected platforms, restricted users could use SSH port forwarding to access host-internal services...

7.5 CVSS | 6.8 AI score | 0.00202 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/30 11:19 p.m. | 2 views

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3 CVSS | 6.8 AI score | 0.00095 EPSS
Exploits: 0 | References: 1
NVD
added 2025/10/30 8:15 a.m. | 3 views

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7 CVSS | 0.00113 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/30 7:39 a.m. | 3 views

EUVD-2025-36972

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7 CVSS | 6.6 AI score | 0.00113 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/30 12:31 a.m. | 4 views

EUVD-2025-36726

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3 CVSS | 6.4 AI score | 0.00095 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/30 12:0 a.m. | 6 views

PT-2025-44491

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1. Description: Nagios XI versions prior to 2024R1 have a missing access control issue through the Web SSH Terminal. A remote attacker with low privileges could access or interact with the terminal interface...

9.4 CVSS | 6.7 AI score | 0.01355 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/10/30 12:0 a.m. | 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI prior to version 2024R1, which stems from a lack of access...

9.4 CVSS | 6.6 AI score | 0.01355 EPSS
Exploits: 0 | References: 3
NVD
added 2025/10/29 11:16 p.m. | 4 views

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3 CVSS | 0.00095 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/10/29 10:45 p.m. | 5 views

CVE-2025-54547 On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...

5.3 CVSS | 0.00095 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/29 10:40 p.m. | 3 views

CVE-2025-54546 On affected platforms, restricted users could use SSH port forwarding to access host-internal services

On affected platforms, restricted users could use SSH port forwarding to access host-internal services...

7.5 CVSS | 6.5 AI score | 0.00202 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/10/29 12:0 a.m. | 4 views

Arista DANZ Monitoring Fabric Security Vulnerability

Arista DANZ Monitoring Fabric is a traffic monitoring, security, and performance analytics platform from Arista USA. A security vulnerability exists in Arista DANZ Monitoring Fabric that stems from improperly configured SSH session multiplexing, which could result in file system operations being...

5.3 CVSS | 6.6 AI score | 0.00095 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2025/10/29 12:0 a.m. | 5 views

PQC Key Exchange (KEX) Algorithm(s) Supported (SSH)

The remote SSH server is configured to allow / support at least ONE Post-Quantum Cryptography (PQC) key exchange (KEX) algorithm(s). SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7 AI score
Exploits: 0 | References: 5
EUVD
added 2025/10/28 3:30 p.m. | 6 views

EUVD-2025-36505

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

7.5 CVSS | 6.4 AI score | 0.00125 EPSS
Exploits: 0 | References: 2
NVD
added 2025/10/28 1:15 p.m. | 6 views

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

7.5 CVSS | 0.00125 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/28 12:16 p.m. | 6 views

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

7.5 CVSS | 6.6 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/10/28 12:16 p.m. | 8 views

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

7.5 CVSS | 0.00125 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/28 12:16 p.m. | 10 views

CVE-2025-1037

CVE-2025-1037 affects Hitachi TropOS 4th Gen. The Red Hat, NVD, ENISA/EUVD, CIRCL sighting entries describe a vulnerability in the device’s web-based configuration utility (notably the Logging page) where an authenticated, low-privileged user who can run user-level shell commands can abuse script...

7.5 CVSS | 6.6 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/28 12:15 p.m. | 8 views

CVE-2025-1036

Summary: CVE-2025-1036 describes a command injection in the Logging page of the TropOS 4th Gen web-based configuration utility. An authenticated, low-privileged user with network access to the configuration utility can execute arbitrary OS commands, potentially gaining root SSH access to the devi...

8.7 CVSS | 7.4 AI score | 0.00996 EPSS
Exploits: 0 | References: 1