CVE-2025-5718
The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP...
CVE-2025-5454
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...
CVE-2025-5454
Axis ACAP path-traversal vulnerability (CVE-2025-5454) affects Axis OS/ACAP configuration handling on Axis devices. The issue arises from insufficient input validation in ACAP configuration files, enabling potential local path traversal and privilege escalation when an Axis device is configured to...
CVE-2025-4645
CVE-2025-4645 affects Axis OS/Axis ACAP handling: an ACAP configuration file with insufficient input validation can lead to arbitrary code execution if an Axis device is configured to allow unsigned ACAP apps and a victim is persuaded to install a malicious ACAP package. The vulnerability is atta...
CVE-2025-4645
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...
PT-2025-46304
Name of the Vulnerable Software and Affected Versions: Axis (affected versions not specified)
Description: A malicious ACAP application can obtain admin-level service account credentials utilized by legitimate ACAP applications, potentially allowing for privilege escalation of the malicious ACAP...
PT-2025-46303
Name of the Vulnerable Software and Affected Versions: Axis (affected versions not specified)
Description: An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This issue is exploitable if the Axis device is configured to allow the installatio...
PT-2025-46307
Name of the Vulnerable Software and Affected Versions: Axis Communications ACAP applications (affected versions not specified)
Description: ACAP applications may be able to gain elevated privileges due to improper input validation, which could lead to privilege escalation. This is only possible if th...
PT-2025-46310
Name of the Vulnerable Software and Affected Versions: Axis Communications (affected versions not specified)
Description: An ACAP configuration file has improper permissions and lacks input validation, potentially leading to privilege escalation. Exploitation requires the Axis device to allow the...
PT-2025-46306
Name of the Vulnerable Software and Affected Versions: Axis ACAP Application framework (affected versions not specified)
Description: The ACAP Application framework may allow for privilege escalation through a symlink attack. Exploitation requires the Axis device to be configured to permit the...
PT-2025-46305
Name of the Vulnerable Software and Affected Versions: Axis (affected versions not specified)
Description: An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This issue can only be exploited if the Axis...
PT-2025-46309
Name of the Vulnerable Software and Affected Versions: Axis Communications devices (affected versions not specified)
Description: An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This issue can only be exploited if...
Zoom Workplace VDI Client < 6.3.14 Vulnerability (ZSB-25042)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.3.14. It is, therefore, affected by a vulnerability as referenced in the ZSB-25042 advisory.
- Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow ...
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:3985-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3985-1 advisory.
- CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process crash. bsc1252749 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:3985-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues:
- CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process crash. bsc1252749...
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2025:3956-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3956-1 advisory.
- CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process...