71 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-5295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData...
CVE-2025-5295
creationtimestamp | type | source
---|---|---
2025-05-28 12:13:51+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqa6iiegwlv2
2025-05-28 13:37:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqad5jjqq227...
CVE-2020-5295
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manage_assets permission. Issue has...
CVE-2011-5295
Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument...
GHSA-7GJ8-545R-5295 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2020-5295
creationtimestamp | type | source
---|---|---
2024-11-14 06:07:13+00:00 | seen | MISP/7be53586-c369-4f40-9955-821d8b372d1e...
CVE-2024-5295
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2023-52772 af_unix: fix use-after-free in unix_stream_read_actor()
In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock, u->oob_skb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...
openssl security update
1:3.0.7-25.0.1 - Replace upstream references [Orabug: 34340177] 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration fi...
CVE-2023-5295
CVE-2023-5295 affects the WordPress plugin Blog Filter (up to version 1.4). Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the vivafbcomment shortcode, allowing stored Cross-Site Scripting. Exploitation requires at least contributor-level authentica...
WordPress Comments by Startbit Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Comments by Startbit; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5295; Patch priority: Low; CVSS severity: Low (6.4); Developer: Claim ownership; PSID: 790370410166; Credits: István Márton; Required...
K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
Debian DSA-5295-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5295 advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security...
Ubuntu: Security Advisory (USN-5295-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5295-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5295-2 advisory. It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use...
Ubuntu: Security Advisory (USN-5295-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5295-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5295-1 advisory. It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use...
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
Exploit Title: October CMS Build 465 - Arbitrary File Read Exploit (Authenticated); Date: 2020-03-31; Exploit Author: Sivanesh Ashok; Vendor Homepage: https://octobercms.com/; Version: Build 465 and below; Tested on: Windows 10 / XAMPP / October CMS Build 465; CVE: CVE-2020-5295 echo ''' Authenticated...
CVE-2020-5295
CVE-2020-5295 affects October CMS (october/october composer package) versions 1.0.319–1.0.465. An authenticated backend user with cms.manage_assets permission can read local files on the server. The issue has been fixed in Build 466 (v1.0.466).