730 matches found

Snyk
added 2025/01/14 7:15 p.m., 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) through the clean_ipv6_address and is_valid_ipv6_address functions, as well as the GenericIPAddressField form field due to improper length validation. An attacker can cause the application to consume excessive resources...

CVSS 7.5, AI score 7, EPSS 0.01854
Exploits: 0, References: 3
CNNVD
added 2025/01/14 12:00 a.m., 2 views

H3C N12 V100R005 security vulnerability

The H3C N12 V100R005 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C N12 V100R005 version that stems from a lack of length validation in the MAC address update function, which could allow an attacker to crash a remote target device or execute arbitrary...

CVSS 9.8, AI score 7.4, EPSS 0.00603
Exploits: 0, References: 1
Vulnrichment
added 2025/01/14 12:00 a.m., 5 views

CVE-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...

CVSS 5.8, AI score 5.7, EPSS 0.01854
Exploits: 0, References: 3
Positive Technologies
added 2025/01/01 12:00 a.m., 7 views

PT-2025-49787

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the drm/amdgpu subsystem related to the validation of userq buffer virtual addresses and sizes. The system requires validation of the userq...

CVSS 7.1, AI score 6.5, EPSS 0.00335
Exploits: 1, References: 399
CVE
added 2024/12/18 7:12 p.m., 58 views

CVE-2024-53269

CVE-2024-53269 affects Envoy proxy. The issue occurs when the Happy Eyeballs sorting algorithm processes non-IP addresses in additional_address, causing a crash in the data plane. Root cause: invalid address types fed into the sort. Affected releases: 1.32.1/1.32.0? (per sources: 1.32.2, 1.31.4, ...

CVSS 7.5, AI score 4.7, EPSS 0.00671
Exploits: 1, References: 2, Affected Software: 1
RedHat Linux
added 2024/12/12 9:23 a.m., 26 views

Moderate: Red Hat Security Advisory: python3.9:3.9.21 security update

An update for the python3.9:3.9.21 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8, AI score 6.7, EPSS 0.02303
Exploits: 1, References: 3
RedHat Linux
added 2024/12/04 8:22 a.m., 30 views

Moderate: Red Hat Security Advisory: python3:3.6.8 security update

An update for the python3:3.6.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8, AI score 6.7, EPSS 0.0067
Exploits: 0, References: 3
SUSE Linux
added 2024/12/03 3:30 p.m., 2 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Other fixes: Remove -IVendor/ from python-config (bsc#1231795). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

CVSS 6.3, AI score 7.4, EPSS 0.0067
Exploits: 0, References: 6
SUSE Linux
added 2024/12/02 12:21 p.m., 5 views

Security update for python39

This update for python39 fixes the following issues: CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Bug fixes: Remove -IVendor/ from python-config (bsc#1231795). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.3, AI score 6.7, EPSS 0.0067
Exploits: 0, References: 6
OSV
added 2024/11/25 10:15 p.m., 2 views

UBUNTU-CVE-2024-53098

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address. access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

CVSS 7.8, AI score 5.7, EPSS 0.00214
Exploits: 0, References: 8
OSV
added 2024/11/11 7:15 p.m., 6 views

CVE-2024-50667

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks...

CVSS 9.8, AI score 5.8, EPSS 0.06488
Exploits: 1, References: 2
CNNVD
added 2024/11/11 12:00 a.m., 4 views

Trendnet TEW-820AP security vulnerability

The TRENDnet TEW-820AP is a router from Trendnet, Inc. A security vulnerability exists in the Trendnet TEW-820AP version 1.01.B01, which stems from an insufficient validation of the ipv6 address, and a stack overflow vulnerability that allows an attacker to construct a payload for an attack...

CVSS 9.8, AI score 7, EPSS 0.06488
Exploits: 1, References: 1
BDU FSTEC
added 2024/11/06 12:00 a.m., 5 views

The vulnerability of the handle_mmio() function in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the handle_mmio() function in the arch/x86/coco/tdx/tdx.c module of the Linux operating system’s kernel is related to the lack of address validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

CVSS 7.8, AI score 7.2, EPSS 0.00247
Exploits: 0, References: 18, Affected Software: 6
RedHat Linux
added 2024/11/05 12:54 a.m., 2 views

kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error

A flaw was found in Linux kernel tipc. tipc_udp_addr2str() does not return a nonzero value when UDP media address is invalid, which can result in a buffer overflow in tipc_media_addr_printf()...

CVSS 7.8, AI score 7.1, EPSS 0.00269
Exploits: 0, References: 5
OpenVAS
added 2024/10/23 12:00 a.m., 15 views

Discourse < 3.3.2 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 8.2, AI score 6.2, EPSS 0.01593
Exploits: 2, References: 6
Vulnrichment
added 2024/10/07 8:23 p.m., 21 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

CVSS 8.2, AI score 7.3, EPSS 0.00366
Exploits: 0, References: 1
Cvelist
added 2024/10/07 8:23 p.m., 15 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

CVSS 8.2, EPSS 0.00366
Exploits: 0, References: 1
OSV
added 2024/10/02 6:52 p.m., 4 views

CLSA-2024-1727895152 php: Fix of 3 CVEs

CVE-2020-7071: fix URL validation with functions like filter_var($url, FILTER_VALIDATE_URL) - CVE-2021-21705: fix URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter when an URL with invalid password field can be accepted as valid - CVE-2024-5458: fix early-out for...

CVSS 5.3, AI score 6.8, EPSS 0.12117
Exploits: 3, References: 1
RedHat Linux
added 2024/09/24 2:39 a.m., 3 views

kernel: tcp_metrics: validate source addr length

A vulnerability was found in the Linux kernel's tcp_metrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read (out of boundary read)...

CVSS 4.4, AI score 6.8, EPSS 0.00258
Exploits: 0, References: 5
OSV
added 2024/09/17 9:15 p.m., 3 views

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and...

CVSS 7.2, AI score 6.2, EPSS 0.81973
Exploits: 1, References: 5