CVE-2025-59100

CVE-2025-59100 affects dormakaba access manager. The web interface allows exporting the internal SQLite database; after export an automatic download starts and the device reboots, at which point the exported database is deleted. In some cases the device does not reboot or the export is not delete...

CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

EUVD-2025-206364

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

PT-2026-4757

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21844)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21844 advisory. - In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in...

CONTEX-T: Contextual Privacy Exploitation Via Transformer Spectral Analysis for IoT Device Fingerprinting

The rapid expansion of internet of things IoT devices have created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expo...

Azure Linux 3.0 Security Update: accountsservice (CVE-2012-6655)

The version of accountsservice installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2012-6655 advisory. - An issue exists AccountService 0.6.37 in the userchangepasswordauthorizedcb function in user.c which...

MiracleLinux 4 : thunderbird-78.9.1-1.0.1.AXS4 (AXSA:2021-1692:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1692:07 advisory. Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991 Mozilla: A crafted OpenPGP key wit...

MiracleLinux 8 : thunderbird-78.9.1-1.0.1.el8 (AXSA:2021-1686:06)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1686:06 advisory. Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991 Mozilla: A crafted OpenPGP key wit...

MiracleLinux 8 : thunderbird-115.9.0-1.el8_9.ML.1 (AXSA:2024-7670:08)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7670:08 advisory. nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects ...

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture from 7.0.9.0 to 7.6.3.25808 had security vulnerabilities. These vulnerabilities stemmed from the use of default credential...

Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications...

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

In this paper, the authors present StackWarp, a software-based architectural attack exploiting the stack engine on AMD Zen CPUs to modify the stack pointer within an SEV-SNP guest, fully breaking integrity...

DEBIAN-CVE-2025-29943

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...

UBUNTU-CVE-2025-29943

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...

CVE-2025-29943

CVE-2025-29943 : AMD CPUs (Zen 1–Zen 5; EPYC) contain a hardware/microarchitectural issue where an admin-privileged host can manipulate the CPU pipeline configuration, potentially corrupting the stack pointer inside a SEV-SNP guest. A PoC titled “StackWarp” demonstrates exploitation by a hypervis...

MiracleLinux 7 : samba-4.2.3-11.el7 (AXSA:2016-023:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-023:01 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2015-3223 The...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001443)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001443 advisory. An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001071)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001071 advisory. A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Tenable has extract...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003999 advisory. An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of...