
1740 matches found

OSV
added 2025/01/14 7:15 p.m. · 0 views

PYSEC-2025-1

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...

CVSS 7.5 · AI score 6.5 · EPSS 0.00084
Exploits: 0 · References: 4
OSV
added 2025/01/14 2:15 p.m. · 1 view

CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials...

CVSS 9.8 · AI score 5.8 · EPSS 0.01722
Exploits: 0 · References: 1
NVD
added 2025/01/14 2:15 p.m. · 9 views

CVE-2024-47571

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials...

CVSS 9.8 · EPSS 0.01722
Exploits: 0 · References: 1
CVE
added 2025/01/14 2:10 p.m. · 72 views

CVE-2024-47571

Fortinet FortiManager 6.4.12–7.4.0 exposes a post-release reuse/session expiration issue where an operation on a resource after expiration or release can allow an attacker to gain improper access to FortiGate via valid credentials. Affected component is FortiManager CLI/session handling; root cau...

CVSS 9.8 · AI score 8.2 · EPSS 0.01722
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/01/14 2:9 p.m. · 6 views

CVE-2024-46667

An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections...

CVSS 7.5 · EPSS 0.00638
Exploits: 0 · References: 1
AlpineLinux
added 2025/01/14 12:0 a.m. · 5 views

CVE-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...

CVSS 7.5 · AI score 7.2 · EPSS 0.00084
Exploits: 0
OSV
added 2025/01/11 7:15 a.m. · 2 views

CVE-2024-42174

HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames...

CVSS 3.7 · AI score 5.8 · EPSS 0.00406
Exploits: 0 · References: 1
NVD
added 2025/01/11 7:15 a.m. · 8 views

CVE-2024-42174

HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames...

CVSS 3.7 · EPSS 0.00406
Exploits: 0 · References: 1
CVE
added 2025/01/11 7:4 a.m. · 46 views

CVE-2024-42174

CVE-2024-42174 affects HCL DRYiCE MyXalytics (HCL MyXalytics). The vulnerability is a username enumeration issue that allows a malicious user to enumerate application users and compile a list of valid usernames. Public sources in the connected set confirm the affected product and the basic impact...

CVSS 3.7 · AI score 6.9 · EPSS 0.00406
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/01/11 7:4 a.m. · 14 views

CVE-2024-42174 HCL MyXalytics is affected by username enumeration vulnerability

HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames...

CVSS 3.7 · EPSS 0.00406
Exploits: 0 · References: 1
OSV
added 2025/01/10 12:50 a.m. · 3 views

CLSA-2025-1736470237 Fix of 32 CVEs

CVE-url: https://ubuntu.com/security/CVE-2021-47466 - mm, slub: fix potential memoryleak in kmem_cache_open CVE-url: https://ubuntu.com/security/CVE-2024-36968 - Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init Bionic update: upstream stable patchset 2021-06-23 LP: 1933375 // CVE-url:...

CVSS 7.8 · AI score 6.7 · EPSS 0.00053
Exploits: 0 · References: 1
RedhatCVE
added 2025/01/09 5:59 p.m. · 12 views

CVE-2024-56787

In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe= on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name which returns...

CVSS 5.5 · AI score 7.2 · EPSS 0.00025
Exploits: 0 · References: 4
OSV
added 2025/01/09 3:15 p.m. · 1 view

CVE-2023-24011

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVSS 8.2 · AI score 5.8
Exploits: 0 · References: 2
Cvelist
added 2025/01/09 2:36 p.m. · 13 views

CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVSS 8.2 · EPSS 0.00163
Exploits: 0 · References: 2
Vulnrichment
added 2025/01/07 4:2 p.m. · 14 views

CVE-2024-40702 IBM Cognos Controller improper certificate validation

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation...

CVSS 8.2 · AI score 6.9 · EPSS 0.00127
Exploits: 0 · References: 1
NVD
added 2025/01/06 11:15 a.m. · 14 views

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver...

CVSS 6.1 · EPSS 0.001
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/05 12:0 a.m. · 1 view

PT-2025-5656 · Avif · Avif

Name of the Vulnerable Software and Affected Versions: avif affected versions not specified Description: A heap buffer overflow read issue has been identified. The crash occurs in the avifImageAddUUIDProperty function, as indicated by the crash state. Technical details about the issue include the...

AI score 7.4
Exploits: 0 · References: 2
OSV
added 2024/12/31 11:37 p.m. · 3 views

MAL-2024-12176 Malicious code in valid-package (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccad71901dd807f11aedc2ca2f34c92319f90ccbf3fea758a765c78eb2ff6bdb Any computer that has this package install...

AI score 7
Exploits: 0 · References: 3
OSV
added 2024/12/19 8:15 a.m. · 2 views

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

CVSS 7.5 · AI score 6.4 · EPSS 0.01292
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/18 12:0 a.m. · 5 views

PT-2024-18957

Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.9.1 Description: The issue allows for Remote Code Execution RCE through the use of a valid mimetype and inserting the . character after the php file extension, enabling an attacker to execute...

CVSS 9.8 · AI score 7.1 · EPSS 0.04387
Exploits: 1 · References: 14