Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-11 | CVE-2025-21126 | Unspecified vulnerability in Adobe Indesign InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. | 5.5 |
2025-02-11 | CVE-2025-21157 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2025-02-11 | CVE-2025-21158 | Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Indesign InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2025-02-11 | CVE-2025-24472 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Fortinet Fortios and Fortiproxy An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | 9.8 |
2025-02-11 | CVE-2024-13813 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Secure Access Client Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | 7.1 |
2025-02-11 | CVE-2024-13830 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
2025-02-11 | CVE-2024-13842 | Use of Hard-coded Cryptographic Key vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
2025-02-11 | CVE-2024-13843 | Cleartext Storage of Sensitive Information vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
2025-02-11 | CVE-2024-47908 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
2025-02-11 | CVE-2025-22467 | Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | 8.8 |