23 matches found
EUVD-2025-28635
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead ...
CVE-2024-28635
CVE-2024-28635 describes a Cross-Site Scripting (XSS) vulnerability in SurveyJS Survey Creator, version 1.9.132 and earlier, caused by improper handling of the title parameter in a form. The issue allows an attacker to execute arbitrary code and potentially access sensitive information via the fo...
SurveyJS Survey Creator 1.9.132 Cross Site Scripting
Details: Cross Site Scripting vulnerability in Survey JS Survey Creator v.1.9.132 and before allows an attacker to execute arbitrary code via the input field parameters of the creator survey section.
Vulnerability Type: Cross Site Scripting XSS...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-28635 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-28635 Source advisory: OSV:GHSA-7X94-6G2M-3HP2...
CVE-2023-28635
creationtimestamp | type | source
---|---|---
2023-10-12 00:17:51+00:00 | seen | https://t.me/cibsecurity/72151...
CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to...
CVE-2023-28635
The CVE-2023-28635 issue affects vantage6 prior to version 4.0.0, where resources named with integers could bypass access controls and allow some users to run algorithms they’re not authorized to. The root cause is a mismatch between resource IDs and names, enabling attackers to exploit numeric i...
CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to...
CVE-2022-28635
CVE-2022-28635 affects HPE iLO 5 firmware before 2.71. A local, unprivileged attacker could exploit an isolated process to execute arbitrary code and cause DoS within that process, impacting confidentiality, integrity, and availability of that process. The issue is tied to improper input handling...
CVE-2020-28635
creationtimestamp | type | source
---|---|---
2022-04-18 20:29:48+00:00 | seen | https://t.me/cibsecurity/41047...
CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
UBUNTU-CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28635
CVE-2020-28635 affects CGAL’s Nef polygon-parsing in the CGAL-5.1.1 package. The entry describes multiple out-of-bounds read vulnerabilities in the Nef parser that can lead to code execution when processing crafted input, specifically mentioning the SNC_io_parser and read_sedge()/facet() paths, a...
CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...
CVE-2021-28635
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user...
CVE-2021-28635
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user...
CVE-2021-28635
CVE-2021-28635 corresponds to a use-after-free vulnerability in Adobe Acrobat/Reader products (Reader DC, Acrobat DC Classic/Continuous, and Acrobat Classic) prior to certain builds. The issue allows arbitrary code execution in the context of the current user and requires a user to open a malicio...