17 matches found
Astra Linux - vulnerability in hdf5
A vulnerability classified as problematic was discovered in HDF5 1.14.6. This vulnerability affects the function H5Ofsinfoencode in the file /src/H5Ofsinfo.c. The vulnerability leads to a heap-based buffer overflow. An attack can be launched on the local host. The exploit has been disclosed to th...
WordPress Legacy Admin plugin <= 9.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Legacy Admin versions <= 9.5...
CVE-2025-34261 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicegroups/
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...
OPENSUSE-SU-2025:15674-1 java-25-openjdk-25.0.1.0-1.1 on GA media
These are all security issues fixed in the java-25-openjdk-25.0.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-64278 CVE-2025-6269 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5Creconstructcacheentry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the...
WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solar Energy versions <= 3.5...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2023-38003
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214...
StarWind iSCSI SAN Resource Management Error Vulnerability
StarWind iSCSI SAN is an iSCSI storage product from StarWind, USA. It is suitable for small and medium-sized businesses that need to store and transfer large amounts of data over a network. A resource management error vulnerability exists in versions prior to StarWind iSCSI SAN 3.5 build 2007-08-0...
CVE-2020-27515
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field...
DNN Information Disclosure Vulnerability
DNN (also known as DotNetNuke) is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable and feature-rich. DNN (formerly DotNetNuke) 9.5 version of the embedded...
UBUNTU-CVE-2018-14035
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VMmemcpyvv in H5VM.c...
CVE-2017-4943
VMware vCenter Server Appliance (vCSA) 6.5 before 6.5 U1d contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS...
Electronic Funds Source Mobile Driver Source app for iOS Security Vulnerability
Electronic Funds Source (EFS) Mobile Driver Source app for iOS is an iOS based EFS card management app. A security vulnerability exists in version 2.5 of the EFS Mobile Driver Source app for iOS, which is caused by the program failing to validate an X.509 certificate on the server side of an SSL...
DEBIAN-CVE-2017-7414
In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...
PT-2016-1009 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: Android versions 5.x through 5.1.1 before LMY49F; Android versions 6.0 before 2016-01-01. Description: The issue is related to insufficient access control in the Widevine QSEE TrustZone application. It allows attackers to gain privileges via a...
PT-2009-4532 · Drupal · Drupal Taxonomy Manager
Name of the Vulnerable Software and Affected Versions: Drupal Taxonomy manager versions 5.x before 5.x-1.2; Drupal Taxonomy manager versions 6.x before 6.x-1.1. Description: A cross-site scripting (XSS) issue exists in the administrative page interface of the Taxonomy manager module for Drupal. This...