42 matches found

OSV
added 2026/01/04 10:55 a.m., 1 views

MINI-Q3CW-8378-QMRM

Bulletin has no description...

CVSS 7.5 | AI score 6.5 | EPSS 0.00009
Exploits 0

Tenable Nessus
added 2025/08/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-8378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service...

CVSS 9.8 | AI score 7.4 | EPSS 0.00781
Exploits 0 | References 2

OSV
added 2025/08/14 6:52 p.m., 1 views

MAL-2025-8378 Malicious code in @leaffm/leaf-connect-bibado12 (npm)

The package @leaffm/leaf-connect-bibado12 was found to contain malicious code...

AI score 7.2
Exploits 0

RedhatCVE
added 2025/08/02 8:23 p.m., 3 views

CVE-2025-8378

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attac...

CVSS 9.8 | AI score 7.4 | EPSS 0.00211
Exploits 1 | References 1

Vulnrichment
added 2025/07/31 10:2 a.m., 3 views

CVE-2025-8378 Campcodes Online Hotel Reservation System Login index.php sql injection

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attac...

CVSS 7.5 | AI score 7.6 | EPSS 0.00211
Exploits 1 | References 5

CVE
added 2025/07/31 10:2 a.m., 10 views

CVE-2025-8378

CVE-2025-8378 affects Campcodes Online Hotel Reservation System 1.0. The vulnerability is a SQL injection in the Login component, exploitable via manipulation of the username/password arguments in /admin/index.php. Impact is described as critical with network-based, low-complexity access and no p...

CVSS 9.8 | AI score 7.5 | EPSS 0.00211
Exploits 1 | References 5 | Affected Software 1

OpenVAS
added 2025/02/05 12:0 a.m., 6 views

WordPress Safe SVG Plugin < 2.2.6 XSS Vulnerability

The WordPress plugin ... CPE = "cpe:/a:safesvgproject:safesvg"...

CVSS 4.8 | AI score 7 | EPSS 0.00158
Exploits 1 | References 1

NVD
added 2024/11/07 4:15 p.m., 14 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 | EPSS 0.00158
Exploits 1 | References 1

OSV
added 2024/11/07 4:15 p.m., 1 views

CVE-2024-8378

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

CVSS 4.8 | AI score 5.9 | EPSS 0.00158
Exploits 1 | References 1

Circl
added 2024/11/07 3:18 p.m., 8 views

CVE-2024-8378

creationtimestamp | type | source
---|---|---
2024-11-07 15:18:55+00:00 | seen | https://infosec.exchange/users/cve/statuses/113442339897397248
2024-11-07 17:46:18+00:00 | seen | https://t.me/cvedetector/10095...

CVSS 4.8 | AI score 4.8 | EPSS 0.00158
Exploits 1 | References 2

CVE
added 2024/11/07 3:7 p.m., 101 views

CVE-2024-8378

CVE-2024-8378 relates to the WordPress Safe SVG plugin prior to version 2.2.6. The sanitisation logic only runs for paths that call wp_handle_upload and does not cover code using wp_handle_sideload, which is commonly used to upload attachments via raw POST data. This gap can permit bypass of sani...

CVSS 4.8 | AI score 5.3 | EPSS 0.00158
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2024/11/07 3:7 p.m., 11 views

CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

AI score 5.6 | EPSS 0.00158
Exploits 1 | References 1

Cvelist
added 2024/11/07 3:7 p.m., 19 views

CVE-2024-8378 Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass

The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code only running for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data...

EPSS 0.00158
Exploits 1 | References 1

Tenable Nessus
added 2024/10/09 12:0 a.m., 20 views

SUSE SLED12 / SLES12 Security Update : podofo (SUSE-SU-2024:3541-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3541-1 advisory. - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 - CVE-2017-6840: Fixed...

CVSS 9.8 | AI score 6.7 | EPSS 0.01007
Exploits 3 | References 34

OpenVAS
added 2024/10/09 12:0 a.m., 15 views

openSUSE Security Advisory (SUSE-SU-2024:3550-1)

The remote host is missing an update for the ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00781
Exploits 1 | References 13

Tenable Nessus
added 2024/10/09 12:0 a.m., 25 views

SUSE SLES15 / openSUSE 15 Security Update : podofo (SUSE-SU-2024:3550-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3550-1 advisory. - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 - CVE-2017-6840: Fixed invalid memory read in...

CVSS 9.8 | AI score 6.8 | EPSS 0.00781
Exploits 1 | References 29

SUSE Linux
added 2024/10/08 2:8 p.m., 0 views

Security update for podofo

This update for podofo fixes the following issues: CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack colorchanger.cpp bsc1027787 CVE-2017-6841: Fixed NULL pointer dereference in...

CVSS 5.9 | AI score 7.2 | EPSS 0.00781
Exploits 1 | References 38

Cvelist
added 2021/04/13 8:41 p.m., 10 views

CVE-2020-8378

...

Exploits 0

CVE
added 2021/04/13 8:41 p.m., 32 views

CVE-2020-8378

CVE-2020-8378 entry is rejected/not used and does not represent an active vulnerability entry.

AI score 6.8
Exploits 0

UbuntuCve
added 2019/02/17 2:29 a.m., 13 views

CVE-2019-8378

An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over-read exists in AP4BitStream::ReadBytes in Codecs/Ap4BitStream.cpp, a similar issue to CVE-2017-14645. It can be triggered by sending a crafted file to the aac2mp4 binary. It allows an attacker to cause a Denial of Service...

CVSS 8.8 | AI score 7.3 | EPSS 0.00402
Exploits 1 | References 3