Lucene search

18 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in qtimageformats-opensource-src

When loading a specially crafted ICNS format image file in QImage, it will cause a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This issue has been fixed in versions 6.5.10, 6.8.5, and 6.9.1...

5.5 CVSS · 5.7 AI score · 0.00169 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-28376

Malicious code in bioql PyPI...

4.3 CVSS · 8.6 AI score · 0.00162 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 10:5 a.m. · 4 views

CVE-2024-30455

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 6.8.5...

4.3 CVSS · 8.6 AI score · 0.00162 EPSS
Exploits 0 · References 1
Fedora
added 2024/04/13 3:41 a.m. · 35 views

[SECURITY] Fedora 40 Update: kernel-6.8.5-301.fc40

The kernel meta package...

5.5 CVSS · 7.2 AI score · 0.00013 EPSS
Exploits 0
Fedora
added 2024/04/13 1:14 a.m. · 19 views

[SECURITY] Fedora 39 Update: kernel-6.8.5-201.fc39

The kernel meta package...

5.5 CVSS · 7.2 AI score · 0.00013 EPSS
Exploits 0
Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-23384 · Gamipress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 6.8.5. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the use...

4.3 CVSS · 9.3 AI score · 0.00162 EPSS
Exploits 0 · References 7
Prion
added 2020/12/03 1:15 a.m. · 16 views

Code injection

Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions...

4 CVSS · 6.4 AI score · 0.00034 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2020/12/02 12:0 a.m. · 3 views

Pimcore Security Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore...

7.7 CVSS · 6.9 AI score · 0.00034 EPSS
Exploits 0 · References 3
Saint
added 2020/08/13 12:0 a.m. · 242 views

Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020. CVE: CVE-2020-7115. Background: Aruba ClearPass is a network access control solution. Problem: A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...

10 CVSS · 9.9 AI score · 0.607 EPSS
Exploits 8
Tenable Nessus
added 2020/07/17 12:0 a.m. · 56 views

Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13-HF / 6.8.x < 6.8.5-HF / 6.9.x < 6.9.1 Multiple Vulnerabilities (ARUBA-PSA-2020-005)

The remote host is Aruba Networks HP Clearpass Policy Manager version 6.7.x prior to 6.7.13-HF, or 6.8.x prior to 6.8.5-HF, or 6.9.x prior to 6.9.1. It is, therefore, vulnerable to multiple security vulnerabilities as described in the vendor advisory ARUBA-PSA-2020-005. (C) Tenable Network Security, Inc...

10 CVSS · 7.9 AI score · 0.607 EPSS
Exploits 8 · References 4
Prion
added 2020/06/03 1:15 p.m. · 16 views

Command injection

The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...

9 CVSS · 7.1 AI score · 0.01442 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2020/06/03 12:0 a.m. · 86 views

CVE-2020-7115

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass, an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF...

10 CVSS · 0.9 AI score · 0.607 EPSS
In wild · Exploits 8 · References 3
Atlassian
added 2019/02/27 10:52 p.m. · 59 views

SSRF via WebDAV endpoint - CVE-2019-3395

There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: All versions of Confluence Server and Confluence Data Center...

9.8 CVSS · 2.9 AI score · 0.08036 EPSS
Exploits 0
Atlassian
added 2019/02/27 10:52 p.m. · 468 views

SSRF via WebDAV endpoint - CVE-2019-3395

There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: All versions of Confluence Server and Confluence Data Center...

10 CVSS · 2.9 AI score · 0.94471 EPSS
Exploits 20 · Affected Software 1
OSV
added 2018/06/08 1:29 p.m. · 0 views

CVE-2018-8926

Permissive regular expression vulnerability in synophotodsmuser in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter...

8.8 CVSS · 5.8 AI score · 0.00406 EPSS
Exploits 0 · References 1
Cvelist
added 2017/01/23 6:49 a.m. · 21 views

CVE-2017-5553

Cross-site scripting (XSS) vulnerability in plugins/markdownplugin/markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL...

5.1 AI score · 0.00219 EPSS
Exploits 0 · References 3
CVE
added 2014/07/15 2:0 p.m. · 57 views

CVE-2014-3419

CVE-2014-3419 concerns Infoblox NetMRI prior to 6.8.5, where a weak local MySQL credential (default root: root) enables an authenticated OS user to access databases, enabling OS command injection through the affected NetMRI components. Connected sources confirm vulnerable product families include...

7.2 CVSS · 8.5 AI score · 0.00066 EPSS
Exploits 3 · References 7 · Affected Software 1
Exploit DB
added 2010/09/16 12:0 a.m. · 18 views

Honestech VHS to DVD 3.0.30 Deluxe - Local Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Honestech VHS to DVD \r\n\ \r\n\ MAINDLG\r\n\ PAGE=0\r\n\ \r\n\ AVICODEC\r\n\ VIDEOCODEC=DivX 6.8.5 Codec 2 Logical CPUs\r\n\ AUDIOCODEC=MPEG Layer-3\r\n\ \r\n\ WMVINFO\r\n\ TITLE= \r\n\ AUTHOR= \r\n\ COPYRIGHT= \r\n\ DESCRIPTION= \r\n\ \r\n\ CAPTUREINFO\r\n...

7.4 AI score
Exploits 0