Telekom Security

  • Rasa (un)authenticated Remote Code Execution via remote model loading (CVE-2024-49375)

    01 Apr 2025 • Advisories • Writeup

    During an internal penetration test, a product that uses Rasa to build a conversational AI was checked. A mixture of penetration testing and source code analysis led to the discovery of an (un)authenticated Remote Code Execution.

  • Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products

    14 Mar 2025 • Advisories

    Several vulnerabilities were discovered during testing of a DL100 device.

  • Remote code execution in LDAP Account manager through CVE-2024-23333 (Exploiting web applications Part I)

    14 Jan 2025 • Advisories • Writeup

    During red teaming engagements, the first step is to gain a foothold in the client’s network. That might happen through a phishing attempt, malicious payloads, physical access to the client’s site or an assumed breach. But what happens once you have access to the network?

  • Remote buffer overflow vulnerability in SharkSSL TLS handshake processing

    19 Dec 2024 • Advisories

    A new remote buffer overflow vulnerability was discovered in the latest version of the SharkSSL library from 05.05.2024 (https://github.com/RealTimeLogic/SharkSSL) by security evaluators of Deutsche Telekom Security GmbH and Deutsche Telekom AG with modern fuzzing methods.

  • Tuta Mail Vulnerability - Client Information Leak

    29 Nov 2024 • Advisories

    A client information leak vulnerability (CVE-2024-23330) has been identified in Tuta Mail. This vulnerability could leak client information by loading external resources in the mail even if disabled.

  • Tuta Mail Vulnerability - DoS

    29 Nov 2024 • Advisories

    A denial of service vulnerability (CVE-2024-23655) has been identified in Tuta Mail. This vulnerability could prevent users from accessing and reading received mails when an attacker sends a manipulated mail.

  • Apple ARKit Vulnerability - Heap Overflow

    27 Nov 2024 • Advisories

    A heap corruption vulnerability (CVE-2024-44126) has been identified in several Apple products that use the ARKit component. This vulnerability could compromise the security of devices when processing a specially crafted file.

  • Remote buffer overflow vulnerability in SharkSSL TLS Client Key Exchange handshake processing

    04 Nov 2024 • Advisories

    A new remote buffer overflow vulnerability (CVE-2024-48075) was discovered in the latest version of the SharkSSL library from 09.09.2024 (https://github.com/RealTimeLogic/SharkSSL) by security evaluators of Deutsche Telekom Security GmbH and Deutsche Telekom AG with modern fuzzing methods.
