18 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28627
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead ...
CVE-2023-28627
creationtimestamp | type | source
---|---|---
2023-03-28 00:37:57+00:00 | seen | https://t.me/cibsecurity/60823...
CVE-2023-28627
pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2023-28627
CVE-2023-28627 affects pymedusa prior to 1.0.12. An attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings, leading to arbitrary OS command execution as the pymedusa user. The vulnerability arises from allowing modification of the g...
CVE-2023-28627 OS Command Injection via GIT_PATH in pymedusa
pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...
CVE-2022-28627
creationtimestamp | type | source
---|---|---
2022-08-12 18:43:38+00:00 | seen | https://t.me/cibsecurity/48068...
CVE-2022-28627
Affects HP Integrated Lights-Out 5 (iLO 5) firmware prior to version 2.71. An unprivileged local user can execute arbitrary code, resulting in a complete loss of confidentiality, integrity, and availability. HP has provided a firmware update to resolve this vulnerability (2.71). Multiple connecte...
CVE-2020-28627
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28627
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28627
CVE-2020-28627 affects CGAL libcgal CGAL-5.1.1. The Nef polygon-parsing code contains an out-of-bounds read in SNC_io_parser.h (read_volume) that can lead to type confusion and remote code execution when processing crafted input. Exploitation status is not documented in the provided sources; no i...
CVE-2021-28627
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below, is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interacti...
CVE-2021-28627
CVE-2021-28627 affects Adobe Experience Manager Cloud Service and on-prem AEM 6.5.8.0 and below with a Server-Side Request Forgery (SSRF). An authenticated attacker could use SSRF to contact systems blocked by the dispatcher without user interaction. The issue is documented in APSB21-39; remediat...
CVE-2021-28627 Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below, is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interacti...
CVE-2021-28627 Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below, is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interacti...
Adobe Experience Manager 6.5.0.0 < 6.5.9.0 Multiple Vulnerabilities (APSB21-39)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-39 advisory. - Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a...
Google Android System Information Disclosure Vulnerability (CNVD-2019-28627)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. System is one of the system components. An information disclosure vulnerability exists in System in Android. The vulnerability arises from errors in configuration and other errors in th...