5376 matches found
[SECURITY] Fedora 42 Update: fcitx5-chinese-addons-5.1.10-1.fc42
This provides pinyin and table input method support for fcitx5. Released under LGPL-2.1+. im/pinyin/emoji.txt is derived from Unicode CLDR with modification...
Exploit for CVE-2025-64458
CVE-2025-64458 — Django Redirect DoS on Windows Descriptio...
CVE-2025-61084
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...
Inefficient Algorithmic Complexity
Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HttpResponseRedirect and HttpResponsePermanentRedirect functions when processing input...
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
PYSEC-2025-107
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
CVE-2025-64458
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...
CVE-2025-64458
CVE-2025-64458 is a Django IIS/Windows-specific DoS caused by slow NFKC normalization in Python, affecting HttpResponseRedirect, HttpResponsePermanentRedirect, and django.shortcuts.redirect. Affected Django releases: 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. IBM and EU/PC bullet...
Linux Distros Unpatched Vulnerability : CVE-2025-64458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...
PT-2025-45118
Name of the Vulnerable Software and Affected Versions: Django versions prior to 4.2.26; Django versions prior to 5.1.14; Django versions prior to 5.2.8; Django versions 5.0.x and earlier; Django versions 4.1.x and earlier; Django versions 3.2.x and earlier. Description: The issue relates to algorithmic...
PT-2025-45105
Name of the Vulnerable Software and Affected Versions: MDaemon Mail Server version 23.5.2. Description: MDaemon Mail Server version 23.5.2 validates Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) using the email...
Astra Linux – Vulnerability in Python 3.11
When an address list is folded, and the separating comma ends up on a folded line that needs to be encoded using Unicode, then the separator itself must also be encoded using Unicode. The expected behavior is that the separating comma remains a plain comma. However, this can lead to the address...
UBUNTU-CVE-2025-40082
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...
EUVD-2025-36446
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...
CVE-2025-40082 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.
Summary: IBM Virtualization Engine TS7700 is susceptible to two Tampering conditions and one potential Elevation of Privilege issue due to the use of Python (CVE-2025-0938, CVE-2025-47273, CVE-2025-1795). TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks...