Ericsson
Products (22)
- Codechecker (pypi): 8 CVEs
Recent CVEs (48)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25660 | | Cri | 0.57 | 9.8 | 0.00 | | Apr 24, 2026 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user… |
| CVE-2024-25010 | | Hig | 0.57 | 8.8 | 0.00 | | May 22, 2025 | Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution. |
| CVE-2025-0636 | | Hig | 0.55 | 8.4 | 0.00 | | Oct 13, 2025 | EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution. |
| CVE-2025-40838 | | Hig | 0.49 | 7.5 | 0.00 | | Sep 25, 2025 | Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. |
| CVE-2024-53827 | | Hig | 0.49 | 7.5 | 0.00 | | May 16, 2025 | Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation |
| CVE-2024-25008 | | Med | 0.44 | 6.8 | 0.00 | | Aug 16, 2024 | Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated… |
| CVE-2025-59174 | | Med | 0.42 | 6.5 | 0.00 | | Jun 5, 2026 | Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. |
| CVE-2026-25659 | | Med | 0.42 | 6.5 | 0.00 | | Jun 5, 2026 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists… |
| CVE-2026-25658 | | Med | 0.42 | 6.5 | 0.00 | | Jun 5, 2026 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists… |
| CVE-2026-25657 | | Med | 0.42 | 6.5 | 0.00 | | Jun 5, 2026 | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the… |
| CVE-2024-25009 | | Med | 0.42 | 6.5 | 0.00 | | Aug 20, 2024 | Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. |
| CVE-2024-53828 | | Med | 0.34 | 5.3 | 0.00 | | Apr 1, 2026 | Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. |
| CVE-2024-25011 | | Med | 0.34 | 5.3 | 0.00 | | Sep 18, 2025 | Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue. |
| CVE-2015-2166 | | | 0.05 | — | 0.26 | | Apr 6, 2015 | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. |
| CVE-2021-43339 | | | 0.04 | — | 0.10 | | Nov 3, 2021 | In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. |
| CVE-2003-1442 | | | 0.03 | — | 0.03 | | Dec 31, 2003 | The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. |
| CVE-2025-40842 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information. |
| CVE-2025-40841 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information. |
| CVE-2025-27260 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information |
| CVE-2025-40843 | | | 0.00 | — | 0.00 | | Oct 28, 2025 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker… |