CVE-2025-27027
A user with vpuser credentials that opens an SSH connection to the device gets a restricted shell (rbash) that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...
libcurl Detection (Linux/Unix SSH Login)
SSH login-based detection of libcurl. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.119058");...
CVE-2025-4663
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inlin...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...
SUSE-SU-2025:02279-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...
CVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root...
CVE-2025-24005
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...
CVE-2025-27027 Restricted shell evasion in Radiflow iSAP Smart Collector
A user with vpuser credentials that opens an SSH connection to the device gets a restricted shell (rbash) that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...
PT-2025-28859 · Radiflow · Radiflow Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector version 1.20. Description: The issue allows a user with vpuser credentials to bypass restricted shell (rbash) limitations and access a full-featured Linux shell when connecting to the device via SSH. This is possibl...
PT-2025-28950 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone (SZ) versions prior to 6.1.2p3 Refresh Build. Description: RUCKUS SmartZone (SZ) is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone (SZ) to...
CVE-2025-4663
CVE-2025-4663 describes an Improper Check for Unusual or Exceptional Conditions in Brocade Fabric OS (FOS) before 9.2.2.a. The issue can allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS) when a remote invocation of the remote support utility (supportsave) is interr...
CVE-2025-4663 Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability
An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inlin...
CVE-2025-24006
CVE-2025-24006 describes privilege escalation via insecure SSH permissions allowing a low-privilege, local attacker to escalate to root. The central descriptions across sources confirm a local attack vector with SSH‑based permission issues; CVSS 3.1 base score 7.8 (HIGH), with LOCAL attack vector...
CVE-2025-24006 Privilege Escalation via Insecure SSH Permissions
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root...
CVE-2025-24005
CVE-2025-24005 is a local privilege escalation affecting the PHOENIX CONTACT CHARX SEC series, caused by an input validation error in a vulnerable script accessible via SSH. An attacker with a local account can escalate to root. The public documents describe the vulnerability and impact but do no...