20 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead ...
CVE-2023-28607
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip...
CVE-2022-28607
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php...
CVE-2024-28607
CVE-2024-28607 affects the ip-utils package for Node.js up to version 2.4.0. The root cause is a faulty isPrivate check that can misclassify certain IPs (e.g., 0x7f.1) as globally routable, enabling SSRF. Documented impacts are SSRF risk; no explicit remediation or patch/version guidance is prese...
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
CVE-2024-28607
creationtimestamp | type | source
---|---|---
2025-03-10 19:36:55+00:00 | seen | https://gist.github.com/aydinnyunus/4d71e7d9a433f3afc658724b903f4d23
2025-03-11 08:38:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7117
2025-03-11 11:46:20+00:00 | seen | ...
CVE-2023-28607
CVE-2023-28607 affects the MISP project. The issue is a cross-site scripting (XSS) vulnerability in the JavaScript file js/event-graph.js (in MISP) that is exploitable via the event-graph relationship tooltip. Affected versions are MISP prior to 2.4.169; upgrading to 2.4.169 or later is recommend...
CVE-2023-28607
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip...
CVE-2022-28607
creationtimestamp | type | source
---|---|---
2022-12-01 16:45:31+00:00 | seen | https://t.me/cibsecurity/53761...
CVE-2022-28607
CVE-2022-28607 concerns an information disclosure in the asith-eranga ISIC tour booking software. The issue arises in the endpoint "/system/user/modules/mod_users/controller.php" where an attacker can potentially obtain sensitive information through the action parameter. Affected software version...
CVE-2020-28607
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28607
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28607
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28607
CGAL CGAL-5.1.1 contains CVE-2020-28607: an out-of-bounds read in Nef polygon parsing (PM_io_parser::read_face() / set_halfedge()) which could lead to code execution. Affected component: Nef polygon data parsing in CGAL. Connected advisories (Debian GLSA 202305-34, DLA-3226) and Gentoo/Nessus ref...
CVE-2021-28607 Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution
Adobe After Effects version 18.2 and earlier is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...
CVE-2021-28607 Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution
Adobe After Effects version 18.2 and earlier is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...
CVE-2021-28607
CVE-2021-28607 affects Adobe After Effects 18.2 and earlier, with a heap corruption vulnerability when parsing a specially crafted file that could allow arbitrary code execution in the user’s context. Exploitation requires user interaction (victim opens a malicious file). The issue is documented ...
Adobe After Effects < 18.2.1 Multiple Vulnerabilities (APSB21-49)
The version of Adobe After Effects installed on the remote Windows host is prior to 18.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-49 advisory. - Adobe After Effects version 18.2 and earlier is affected by a Heap-based Buffer Overflow vulnerability when...
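Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability (MS08-018)
BUGTRAQ ID: 28607 CVECAN ID: CVE-2008-1088 Project is the project management and control component of the Microsoft Office suite. Microsoft Project does not correctly validate memory resource allocation when opening Project files. If a user is tricked into opening a malformed document, this vulnerability may be triggered, leading to the execution of arbitrary instructions. Microsoft Project 2003 SP2 Microsoft Project 2002 SP1 Microsoft Project 2000 Service Release 1 Temporary workaround: Do not open Microsoft Office files from untrusted sources, or files received unexpectedly from trusted sources. ...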