31 matches found
OESA-2026-2420 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
BELL-CVE-2025-14179
Bulletin has no description...
SUSE-SU-2026:1958-1 Security update for php8
This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. -...
SUSE SLES16 Security Update : php8 (SUSE-SU-2026:21612-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21612-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...
DEBIAN-CVE-2025-14179
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...
CVE-2025-14179
creationtimestamp| type| source ---|---|--- 2026-05-08 05:51:08+00:00| seen| https://bsky.app/profile/remirepo.net/post/3mlczxuq7ac2w 2026-05-08 08:02:13+00:00| seen| https://bsky.app/profile/slackers.it/post/3mldbcb5xiz22 2026-05-10 07:15:43+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2025-14179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when...
Debian dsa-6255 : libapache2-mod-php8.2 - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6255 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6255-1 [email protected] https://www.debian.org/securit...
RHEL 10 : tomcat (RHSA-2025:14179)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14179 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS...
Exploit for CVE-2020-14179
CVE-2020-14179 Sensitive data exposure via /secure/QueryComp...
U.S. Dept Of Defense: [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions
Multiple information exposure vulnerabilities were found in a Jira Server instance, allowing unauthenticated attackers to access APIs and system browser functions, leading to unauthorized access to sensitive data. The vulnerability was registered as CVE-2020-14179...
CVE-2019-14179
CVE-2019-14179 is rejected/not used and does not represent an active vulnerability entry.
Information Disclosure ever after CVE-2020-14179/JRASERVER-71536
h3. Issue Summary Unauthorized access to data from the following API even if the public.access.disabled is enabled. /rest/api/2/projectCategory /rest/api/2/resolution /rest/menu/latest/admin h3. Steps to Reproduce - Install Jira 8.13.9 with H2 database - Create a project and some Project categori...
U.S. Dept Of Defense: Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
Description: Hi, While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc. References...
U.S. Dept Of Defense: Sensitive data exposure via /secure/███████ endpoint on ████████
The sensitive data exposure vulnerability in the /secure/███████ endpoint on ████████ was identified. The vulnerability allowed unauthenticated attackers to view custom field names and custom SLA names. The vulnerability was caused by CVE-2020-14179...
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:14179-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2019:14179-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...
SUSE: Security Advisory (SUSE-SU-2019:14179-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
U.S. Dept Of Defense: Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. Impact...
U.S. Dept Of Defense: Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179
Summary: Information Disclosure vulnerability in outdated Jira. Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the...
U.S. Dept Of Defense: Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
Summary: Information Disclosure vulnerability in outdated Jira. Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the...