77 matches found
CVE-2021-22254
Under very specific conditions a user could be impersonated using GitLab Shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9...
EUVD-2024-2601
Malicious code in bioql PyPI...
EUVD-2023-47337
Malicious code in bioql PyPI...
EUVD-2024-2524
Malicious code in bioql PyPI...
webkitgtk: Insufficient checks leading to arbitrary code execution
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...
CVE-2024-43377
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2...
CVE-2018-13422
TCExam before 14.1.2 has XSS via an ff or xl field...
Santesoft Sante DICOM Viewer Pro buffer error vulnerability
Santesoft Sante DICOM Viewer Pro is a professional medical image DICOM workstation and viewer from Santesoft. It is used to view, edit and convert DICOM format medical image files. A buffer error vulnerability exists in Santesoft Sante DICOM Viewer Pro 14.1.2 and prior versions, which stems from...
CVE-2024-47458
Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue...
CVE-2024-45147
Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...
CVE-2024-47458 Bridge | NULL Pointer Dereference (CWE-476)
Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue...
Improper Access Control
Overview: Affected versions of this package are vulnerable to Improper Access Control due to missing authorization requirements. An authenticated attacker can access unintended endpoints by exploiting the vulnerability. Remediation: Upgrade Umbraco.Cms.Api.Management to version 14.1.2 or higher...
Generation of Error Message Containing Sensitive Information
Overview: Umbraco.Cms.Web.Common is a package containing the web assembly needed to run Umbraco CMS. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by...
Generation of Error Message Containing Sensitive Information
Overview: Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. An attacker can obtain stack trace information that may include sensitive data by sending crafted requests to the Management API endpoints. Remediation: Upgrade...
CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
CVE-2024-43377 Umbraco CMS Improper Access Control vulnerability
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2...
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...