Telekom Security

  • Tuta Mail Vulnerability - Client Information Leak

    29 Nov 2024 • Advisories

    A client information leak vulnerability (CVE-2024-23330) has been identified in Tuta Mail. This vulnerability could leak client information by loading external resources in a mail even when loading them is disabled.

  • Tuta Mail Vulnerability - DoS

    29 Nov 2024 • Advisories

    A denial of service vulnerability (CVE-2024-23655) has been identified in Tuta Mail. This vulnerability could prevent users from accessing and reading received mails when an attacker sends a manipulated mail.

  • Apple ARKit Vulnerability - Heap Overflow

    27 Nov 2024 • Advisories

    A heap corruption vulnerability (CVE-2024-44126) has been identified in several Apple products that use the ARKit component. This vulnerability could compromise the security of devices when processing a specially crafted file.

  • Remote buffer overflow vulnerability in SharkSSL TLS Client Key Exchange handshake processing

    04 Nov 2024 • Advisories

    A new remote buffer overflow vulnerability (CVE-2024-48075) was discovered in the latest version of the SharkSSL library from 09.09.2024 (https://github.com/RealTimeLogic/SharkSSL) by security evaluators of Deutsche Telekom Security GmbH and Deutsche Telekom AG with modern fuzzing methods.

  • Collabora Office for Android - JavaScript Injection via Links

    06 Sep 2024 • Advisories

    A JavaScript Injection vulnerability (CVE-2024-45045) has been identified in Collabora Office for Android, allowing an attacker to execute arbitrary JavaScript within the context of the Android App when a victim opens a specially crafted document.

  • Moodle - Reflected XSS Vulnerability via H5P error message

    28 Aug 2024 • Advisories

    A reflected cross-site scripting (XSS) vulnerability (CVE-2024-43439) has been identified in Moodle, allowing an attacker to execute arbitrary JavaScript within the context of a Moodle website when a victim visits a specially crafted link.

  • Peripheral Sight - Red Teaming with printer CVE-2024-5143

    03 Jul 2024 • Advisories

    In a red team engagement, anything can be a target, and depending on what has already been looted (or not), everything will be a target - even as a form of desperation. In this stage of an engagement, a red team member may have to broaden their vision and should also bring peripherals into their scope, as they may also contain valuable information or loot. This happened during a red team engagement with the DT Security Red Team, which resulted in finding juicy information through a previously unknown CVE on an HP Printer.

  • Airmail App - JavaScript Injection Vulnerability Exposes Sensitive Data

    29 Apr 2024 • Advisories

    A vulnerability has been identified in the popular iOS/macOS email apps “Airmail - Your Mail With You” and “Airmail for Business” that poses a significant risk. The vulnerability, classified as a JavaScript injection combined with an insecurely configured WebView, was present in versions of the apps prior to 5.7.
