77 matches found
MiracleLinux 8 : librepo-1.11.0-3.el8 (AXSA:2020-543:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-543:01 advisory. librepo: missing path validation in repomd.xml may lead to directory traversal CVE-2020-14352 CVE-2020-14352: A flaw was found in librepo in versions before...
CVE-2025-14352
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...
CVE-2025-14352
creationtimestamp| type| source ---|---|--- 2026-01-07 11:22:12+00:00| seen| https://gist.github.com/Darkcrai86/91b95fd86b4fed0e24547f3c2846a067...
CVE-2025-14352 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...
CVE-2019-14352
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crmcommunity/crmuserviewsales//accountnew with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export...
Alibaba Cloud Linux 3 : 0087: librepo (ALINUX3-SA-2021:0087)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14352: A flaw was found in librepo in...
Linux Distros Unpatched Vulnerability : CVE-2018-14352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imapquotestring in imap/util.c does not leave room for quote characters, leading to...
SUSE CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system v...
Ubuntu: Security Advisory (USN-3719-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0429)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.05 / MAIN 5.05 : librepo Vulnerability (NS-SA-2021-0170)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
Advisory ROSA-SA-2021-1886
Software: librepo 1.8.1 OS: Cobalt 7.9 CVE-ID: CVE-2020-14352 CVE-Crit: HIGH CVE-DESC: A bug was discovered in librepo in versions prior to 1.12.1. A directory traversal vulnerability was discovered where paths in remote repository metadata could not be cleared. An attacker controlling a remote...
SUSE: Security Advisory (SUSE-SU-2018:2403-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2085-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1196-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2084-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for librepo (openSUSE-SU-2021:0277-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2021-1655)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for librepo (EulerOS-SA-2021-1607)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : librepo Vulnerability (NS-SA-2021-0049)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...