
12 matches found

NVD
added 2025/08/26 3:15 p.m. · 2 views

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the...

CVSS 6.8 · EPSS 0.00305
Exploits: 1 · References: 5
RedhatCVE
added 2025/05/23 2:54 a.m. · 3 views

CVE-2023-0345

The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...

CVSS 9.8 · AI score 9.4 · EPSS 0.00668
Exploits: 0 · References: 1
SUSE Linux
added 2025/05/22 1:35 p.m. · 1 views

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues. Update to 12.5.2. Security fixes: CVE-2025-22247: Fixed insecure file handling (bsc1243106). Other fixes: fixed GCC 15 compile time error (bsc1241938); fixed building with containerd 1.7.25+ (bsc1237147); ensure vmtoolsd.service and vgauthd.service...

CVSS 6.9 · AI score 6.6 · EPSS 0.00246
Exploits: 0 · References: 10
Positive Technologies
added 2024/10/23 12:0 a.m. · 6 views

PT-2024-23198

Name of the Vulnerable Software and Affected Versions: HCL Sametime (affected versions not specified) Description: The issue concerns insecure services in-use on the UIM client by default. Specifically, an unused legacy REST service was enabled by default using the HTTP protocol. This could potential...

CVSS 4 · AI score 6.5 · EPSS 0.00166
Exploits: 0 · References: 4
SUSE CVE
added 2023/10/31 2:42 a.m. · 1 views

SUSE CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

CVSS 5.9 · AI score 7.7 · EPSS 0.01458
Exploits: 1 · References: 2
Positive Technologies
added 2022/09/23 12:0 a.m. · 6 views

PT-2022-17682 · Apache · Apache Pinot

Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.10.0 and earlier Description: The issue is related to the groovy function support in the Pinot query endpoint and realtime ingestion layer, which poses a risk in unprotected environments. The estimated number of...

CVSS 9.8 · AI score 9 · EPSS 0.0133
Exploits: 0 · References: 8
CNNVD
added 2021/09/16 12:0 a.m. · 2 views

Mobility security vulnerability

NetMotion Mobility is a mobile VPN software from NetMotion, Inc. It is used to securely extend corporate networks to mobile environments. A security vulnerability exists in Mobility that stems from a problem with the access controls on the Mobility Read/Write API for validating user access, which...

CVSS 6.8 · AI score 6.7 · EPSS 0.00559
Exploits: 0 · References: 2
Cvelist
added 2019/10/16 6:36 p.m. · 17 views

CVE-2019-15248 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 · AI score 8.1 · EPSS 0.00578
Exploits: 0 · References: 1
Cvelist
added 2019/10/16 6:36 p.m. · 25 views

CVE-2019-15244 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8 · AI score 8.1 · EPSS 0.00578
Exploits: 0 · References: 1
RedHat Linux
added 2019/01/22 1:42 p.m. · 3 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 · AI score 7.2 · EPSS 0.213
Exploits: 0 · References: 4
RedHat Linux
added 2016/06/27 10:2 a.m. · 4 views

kernel-rt: Sending SysRq command via ICMP echo request

A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and...

CVSS 8.1 · AI score 7.2 · EPSS 0.03387
Exploits: 0 · References: 4
OwnCloud
added 2013/04/19 11:42 a.m. · 43 views

Server: Privilege escalation in the contacts application

Due to not properly checking the ownership of a single contact, an authenticated attacker is able to download contacts of other users in all ownCloud versions prior to 5.0.5 including the 4.5.x branch. Note: Successful exploitation of this privilege escalation requires the "contacts" app to be...

CVSS 4 · AI score 6.3 · EPSS 0.01422
Exploits: 0 · Affected Software: 1