Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: python313Packages.f5-icontrol-rest

Found 6 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2025-62340
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 days, 7 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 11 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 days, 7 hours ago
HCL iControl was affected by Inadequate Session Timeout vulnerability

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

Affected products

iControl
  • ==v4.2.0

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-52612
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
HCL iControl was affected by Export CSV - CSV Injection vulnerability.

HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. .

Affected products

iControl
  • ==4.0.0

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-52611
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined. This issue likely stems from one of the following: A missing or improperly initialized object.

Affected products

iControl
  • ==4.0.0

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-52608
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
HCL iControl was affected by Missing Cookie Attributes vulnerability.

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

Affected products

iControl
  • ==4.0.0

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-52609
3.7 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
HCL iControl was affected by Missing Security Headers vulnerability.

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.

Affected products

iControl
  • ==4.0.0

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2025-52606
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
HCL iControl was affected by Weak Input Validation vulnerability. .

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Affected products

iControl
  • ==4.0.0

Matching in nixpkgs

Package maintainers