Telekom Security

Security Advisory

Security Advisories

As part of the security community, we actively support vulnerability research. Here you can find information about discovered vulnerabilities.

2026

Date Product CVE Vulnerability Type Details
04/2026 PackageKit
  • CVE-2026-41651
  • CWE‑367 (Time‑of‑check Time‑of‑use (TOCTOU) Race Condition)
 Post

2025

Date Product CVE Vulnerability Type Details
11/2025 REDAXO CMS
  • CVE-2025-66026
  • Improper Neutralization of Input During Web Page Generation (CWE‑79)
 Post
11/2025 Janitza UMG 96RM-E firmware versions below 3.14
  • CVE-2025-41709
  • CVE-2025-41710
  • CVE-2025-41711
  • CVE-2025-41712
  • CWE‑78 (Improper Neutralization of Special Elements used in an OS Command)
  • CWE‑798 (Use of Hard‑coded Credentials)
  • CWE‑327 (Use of a Broken or Risky Cryptographic Algorithm)
  • CWE‑732 (Incorrect Permission Assignment for Critical Resource)
 Post
03/2025 SICK DL100-2xxxxxxx all firmware versions
  • CVE-2025-27593
  • CVE-2025-27594
  • CVE-2025-27595
  • CWE‑494 (Download of Code Without Integrity Check)
  • CWE‑319 (Cleartext Transmission of Sensitive Information)
  • CWE‑328 (Use of Weak Hash)
 Post
01/2025 rasa (pip) <3.6.21 and rasa-pro (pip) <3.10.12, <3.9.16, <3.8.18
  • 2024-49375
  • CWE‑94 (Improper Control of Generation of Code ('Code Injection'))
  • CWE‑502 (Deserialization of Untrusted Data)
 Post

2024

Date Product CVE Vulnerability Type Details
12/2024 SharkSSL
  • CVE_2024_53379
  • Buffer Overflow (CWE‑120)
 Post
11/2024 Kanboard
  • CVE-2024-51747
  • CVE-2024-55603
  • Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE‑22)
 Post
11/2024 SharkSSL
  • 2024-48075
  • Buffer Overflow (CWE‑120)
 Post
09/2024 Apple iOS/iPadOS, macOS and more
  • CVE-2024-44126
  • Out‑of‑bounds Write (CWE‑787)
 Post
08/2024 Collabora Office for Android
  • CVE-2024-45045
  • Improper Neutralization of Encoded URI Schemes in a Web Page (CWE‑84)
 Post
08/2024 Moodle
  • CVE-2024-43439
  • Cross‑site Scripting (CWE‑79)
 Post
05/2024 Certain HP LaserJet Pro Printers
  • CVE-2024-5143
  • (Possible) Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200)
 Post
03/2024 LDAP Account Manager (LAM)
  • CVE-2024-23333
  • CVE-2024-52792
  • Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (CWE‑22)
 Post
03/2024 Airmail - Your Mail With You, Airmail for Business
  • N/A
  • Improper Neutralization of Input During Web Page Generation / "Cross‑site Scripting") (CWE‑79)
  • Insecure Storage of Sensitive Information (CWE‑922)
 Post
03/2024 Apple iOS/iPadOS, macOS and more
  • CVE-2024-23246
  • Improper Input Validation (CWE‑20)
 Post
01/2024 Tuta Mail
  • CVE-2024-23655
  • Improper Input Validation (CWE‑20)
 Post
01/2024 Tuta Mail
  • CVE-2024-23330
  • Server‑Side Request Forgery (SSRF) (CWE‑918)
 Post

2023

Date Product CVE Vulnerability Type Details
12/2023 MatrixSSL
  • CVE-2023-24609
  • Integer Overflow or Wraparound (CWE‑190)
 Post
11/2023 Wire AVS as used in Wire Secure Messenger
  • CVE-2023-48221
  • Use of Externally‑Controlled Format String (CWE‑134)
 Post
06/2023 Apple iOS/iPadOS, macOS and more
  • CVE-2023-32401
  • Buffer Copy without Checking Size of Input (CWE‑120)
 Post
05/2023 LibreOffice
  • CVE-2023-0950
  • Improper Validation of Array Index (CWE‑129)
 Post
04/2023 Mozilla Maintenance Service
  • CVE-2023-29532
  • Improper Resource Locking (CWE‑413)
 Post
01/2023 MatrixSSL
  • Integer Overflow or Wraparound (CWE‑190)
 Post

2022

Date Product CVE Vulnerability Type Details
09/2022 Apple iOS/iPadOS, macOS
  • CVE-2022-32854
  • Improper Input Validation (CWE‑20)
 Post

2021

Date Product CVE Vulnerability Type Details
03/2021 SQLCipher
  • CVE-2020-27207
  • NULL Pointer Dereference (CWE‑476)
 Post

2020

Date Product CVE Vulnerability Type Details
11/2020 SQLCipher
  • CVE-2020-27207
  • Use After Free (CWE‑416)
 Post
10/2020 Wire AVS as used in Wire Secure Messenger
  • CVE-2020-27853
  • Use of Externally‑Controlled Format String (CWE‑134)
 Post
07/2020 IBM Maximo Asset Management
  • CVE-2020-4463
  • Improper Restriction of XML External Entity Reference (CWE‑611)
 Post
07/2020 Apple iOS, macOS
  • CVE-2020-9878
  • CVE-2020-9880
  • CVE-2020-9881
  • CVE-2020-9882
  • CVE-2020-9940
  • CVE-2020-9985
  • Heap‑based Buffer Overflow (CWE‑122)
 Post
06/2020 Teamwire (Android)
  • CVE-2020-12621
  • Missing Authentication for Critical Function (CWE‑306)
 Post
05/2020 Ilias
  • N/A
  • Improper Control of Filename for Include/Require Statement in PHP Program (CWE‑98)
  • Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200)
 Post
03/2020 Fortinet FortiClient
  • CVE-2019-17658
  • Unquoted Search Path or Element (CWE‑428)
 Post
01/2020 Juniper Networks Junos Space
  • CVE-2020-1611
  • External Control of File Name or Path (CWE‑73)
 Post

2019

Date Product CVE Vulnerability Type Details
03/2019 axTLS
  • CVE-2019-8981
  • Out‑of‑bounds Write (CWE‑787)
 Post
05/2019 wolfSSL
  • CVE-2019-11873
  • Out‑of‑bounds Write (CWE‑787)
 Post

2018

Date Product CVE Vulnerability Type Details
12/2018 WeBid Directory
  • CVE-2018-1000867
  • CVE-2018-1000868
  • CVE-2018-1000882
  • SQL Injection (CWE‑89)
  • Cross‑site Scripting (CWE‑79)
  • Path Traversal (CWE‑22)
 Post
07/2018 ServiceNow
  • CVE-2018-7748
  • Code Injection (CWE‑94)
 Post
04/2018 Trovebox
  • CVE-2018-1000551
  • CVE-2018-1000552
  • CVE-2018-1000553
  • CVE-2018-1000554
  • SQL Injection (CWE‑89)
 Post

2017

Date Product CVE Vulnerability Type Details
10/2017 Kaltura Video Platform
  • CVE-2017-14141
  • CVE-2017-14142
  • CVE-2017-14143
  • Deserialization of Untrusted Data (CWE‑502)
  • Cross‑site Scripting (CWE‑79)
 Post