CVE-2025-27423 |
Description:
Nessus Plugin ID 232572 with High Severity
Synopsis
The remote CBL Mariner host is missing one or more security updates.
Description
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27423 advisory.
- Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the :read ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows executing shell commands via specially crafted tar archives. Whether this really happens depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164 (CVE-2025-27423)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/232572
CVSS: HIGH (7.1) EPSS Score: 0.06%
March 11th, 2025 (4 months ago)
|
CVE-2025-27493 |
Description: A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
CVSS: HIGH (8.2) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|
CVE-2025-27438 |
Description: A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|
CVE-2025-27396 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality.
This could allow an authenticated lowly-privileged remote attacker to escalate their privileges.
CVSS: HIGH (8.8) EPSS Score: 0.07%
March 11th, 2025 (4 months ago)
|
CVE-2025-27395 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.
CVSS: HIGH (7.2) EPSS Score: 0.11%
March 11th, 2025 (4 months ago)
|
CVE-2025-27394 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS: HIGH (7.2) EPSS Score: 0.19%
March 11th, 2025 (4 months ago)
|
CVE-2025-27393 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS: HIGH (7.2) EPSS Score: 0.19%
March 11th, 2025 (4 months ago)
|
CVE-2025-27392 |
Description: A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
CVSS: HIGH (7.2) EPSS Score: 0.19%
March 11th, 2025 (4 months ago)
|
CVE-2025-23402 |
Description: A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.
An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|
CVE-2025-23401 |
Description: A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|