6597 matches found
CVE-2025-28035
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
CVE-2025-28039
CVE-2025-28039 affects TOTOLINK EX1200T (V4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setUpgradeFW function via the FileName parameter. CVSSv3.1: 9.8 (CRITICAL); Attack Vector: Network; Privileges Required: None; User Interaction: None; Impact: Confide...
CVE-2025-28038
CVE-2025-28038 affects TOTOLINK EX1200T (version 4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setWebWlanIdx function via the webWlanIdx parameter, enabling remote code execution without authentication. CVSS v3.1 base score is 9.8 (CRITICAL, Network, no ...
CVE-2025-28036
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
PT-2025-17540 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730; TOTOLINK A810R version 4.1.2cu.5182 B20201026; TOTOLINK A830R version 4.1.2cu.5182 B20201102; TOTOLINK A950RG version 4.1.2cu.5161 B20200903; TOTOLINK A3000RU version 5.9c.5185 B20201128; TOTOLINK...
PT-2025-17570 · Totolink · Totolink A950Rg
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5161 B20200903. Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setNoticeCfg function and can be exploited through the NoticeUrl parameter. Recommendations: For...
CVE-2025-28036
TOTOLINK A950RG (firmware V4.1.2cu.5161_B20200903) contains a pre-auth remote command execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter. This CVE (CVE-2025-28036) is documented across multiple feeds, with the core detail being arbitrary command execution by a remote...
CVE-2025-28035
CVE-2025-28035 affects TOTOLINK A830R (firmware V4.1.2cu.5182_B20201102). It describes a pre-auth remote code execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter, allowing arbitrary commands to be executed with high impact (per CVSS v3.1: Network, Privileges None, Use...
SUSE CVE-2025-22038
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed. Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure num_subauth !...
Debian: Security Advisory (DSA-5904-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DLA-4129-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5904-1] libapache2-mod-auth-openidc security update
Debian Security Advisory DSA-5904-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2025 https://www.debian.org/security/faq ...
[SECURITY] [DLA 4129-1] libapache2-mod-auth-openidc security update
Debian LTS Advisory DLA-4129-1 [email protected] https://www.debian.org/lts/security/ Moritz Schlarb April 17, 2025 https://wiki.debian.org/LTS Package: libapache2-mod-auth-openidc; Version: 2.4.9.4-0+deb11u5; CVE ID: CVE-2025-31492; Debian Bug: 1102413. A vulnerability has been fixed i...
SUSE SLES15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2025:1324-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1324-1 advisory. - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893) Tenable has extracted the...
Debian dsa-5904 : libapache2-mod-auth-openidc - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5904 advisory. Debian Security Advisory DSA-5904-1 [email protected] https://www.debian.org/security/ Moritz...
DSA-5904-1 libapache2-mod-auth-openidc - security update
Bulletin has no description...
Debian dla-4129 : libapache2-mod-auth-openidc - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4129 advisory. Debian LTS Advisory DLA-4129-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-32872
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-32838
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to rea...