CVE-2024-35281
An improper isolation or compartmentalization vulnerability CWE-653 in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variabl...
CVE-2024-35281
Summary of CVE-2024-35281: An improper isolation/compartmentalization (CWE-653) vulnerability in Fortinet FortiClientMac (versions 7.4.2 and below; 7.2.8 and below; 7.0 all) and FortiVoiceUCDesktop 3.0 (all versions) may allow an authenticated attacker to inject code via Electron environment var...
Unspecified Vulnerability in Zoom Workplace Apps for Windows
Zoom Workplace Apps for Windows is an official suite of collaboration tools from Zoom that includes core features such as team chat, whiteboards, notes, and more, and is required to be used through a Zoom Meetings account. A security vulnerability exists in Zoom Workplace Apps for Windows, which...
PT-2025-20901
Name of the Vulnerable Software and Affected Versions: FortiClientMac versions 7.0 through 7.4.2; FortiClientMac versions 7.0 through 7.2.8; FortiVoiceUCDesktop version 3.0. Description: An improper isolation or compartmentalization issue may allow an authenticated attacker to inject code via Electr...
Malicious code in python3-shodan (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b4fca245262ff8de532efc88e1941697e6994786e09eca8a9cbcdbf9faff5cca Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...
CVE-2025-1252
Heap-based Buffer Overflow vulnerability in RTI Connext Professional Core Libraries allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23...
CVE-2025-37879
CVE-2025-37879 affects the Linux kernel 9p/net subsystem (p9_client_write/p9_client_read_once). The root cause is signed negative counts being treated as valid due to signed arithmetic; the fix converts relevant counters to unsigned. This vulnerability can lead to improper handling of bogus negat...
CVE-2025-1252
Heap-based Buffer Overflow vulnerability in RTI Connext Professional Core Libraries allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3., from...
CVE-2025-1253 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow', Stack-based Buffer Overflow vulnerability in RTI Connext Professional Core Libraries allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0...
Ensure That the su Command Inherits the User Environment Variables Without Escalating Privileges
The su command enables a common user to have the permissions of the superuser or other users. It is often used for switching the user from a common user to the root user. The su command provides a convenient way for users to change their identities. However, if the su command is run without...
Terraform WinDNS Provider Command Injection Vulnerability
Terraform WinDNS Provider is a Norsk rikskringkasting open source tool for managing DNS records in Windows DNS servers using Terraform. A command injection vulnerability exists in Terraform WinDNS Provider versions prior to 1.0.5, which stems from failure to clean up input variables and could lea...
PT-2025-19981 · Hashicorp · Terraform Windns Provider
Name of the Vulnerable Software and Affected Versions: Terraform WinDNS Provider versions prior to 1.0.5. Description: A security issue has been found in the Terraform WinDNS Provider, where the windns record resource did not sanitize the input variables, leading to authenticated command injection...
Docker Desktop < 4.41.0 Information Disclosure Vulnerability
The version of Docker Desktop for Linux is prior to 4.41.0. It is therefore affected by an information disclosure vulnerability. The recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive...
CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack can be called from process context tcp_rtx_synack now could be called in process context as explained in 0a375c822497 "tcp: tcp_rtx_synack can be called from process context". tcp_rtx_synack might call tcp_make_synack,...
SUSE CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack can be called from process context tcp_rtx_synack now could be called in process context as explained in 0a375c822497 "tcp: tcp_rtx_synack can be called from process context". tcp_rtx_synack might call tcp_make_synack,...
UBUNTU-CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack can be called from process context tcp_rtx_synack now could be called in process context as explained in 0a375c822497 "tcp: tcp_rtx_synack can be called from process context". tcp_rtx_synack might call tcp_make_synack,...
CVE-2023-53121
The CVE-2023-53121 vulnerability affects the Linux kernel where tcp_rtx_synack() can be invoked from process context, allowing tcp_make_synack() to touch per-CPU data with preemption enabled and trigger a BUG: using __this_cpu_add() in preemptible code. The root cause is a context-inappropriate c...