CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker who has initial user access to a Zimbra server instance can execute commands as root by passing one of JVM arguments, leading to local privilege escalation LPE...

CVE-2023-37030

A Null pointer dereference vulnerability in the Mobile Management Entity MME in Magma = 1.8.0 fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486 allows network-adjacent attackers to crash the MME via an S1AP Initial UE Message packet missing an expected eNBUES1APID field...

CVE-2023-42449

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

CVE-2022-32294

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password from the "zmprove ca" command. It is visible in cleartext on port UDP 514 aka the syslog port. NOTE: a third party reports that this cannot be reproduced...

CVE-2022-43501

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNsInitial Sequence Number for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones...

CVE-2022-21194

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2020-27631

In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random...

CVE-2020-11967

In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVE-2020-27633

In FNET 4.6.3, TCP ISNs are improperly random...

CVE-2020-27630

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random...

CVE-2020-27636

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random...

CVE-2020-27634

In Contiki 4.5, TCP ISNs are improperly random...

CVE-2016-11066

An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...

SUSE CVE-2025-37983

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode = leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...

DEBIAN-CVE-2025-37983

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode = leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...

Redefining IABs: Impacts of compartmentalization on threat tracking and modeling

Cisco Talos has observed a growing trend of attack kill chains being split into two stages -- initial compromise and subsequent exploitation -- executed by separate threat actors. This compartmentalization increases the complexity and difficulty of performing threat modeling and actor profiling...

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management RMM software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entic...

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management RMM tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...

CLSA-2025-1745836038 Update of els-os-release

Initial package...