41 matches found
EUVD-2023-51437
Malicious code in bioql PyPI...
PT-2025-27443 · Mikrotik · Mikrotik Routeros
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 7.14 Description: A misconfiguration in the default settings of MikroTik RouterOS allows incoming IPv6 UDP traceroute packets. Recommendations: For versions prior to 7.14, update to version 7.14 or later to...
Cesanta Mongoose Web Server Security Vulnerability
Cesanta Mongoose Web Server is a cross-platform embedded server and web library written in C from Cesanta Ireland. A security vulnerability exists in Cesanta Mongoose Web Server version v7.14, which stems from the presence of out-of-range pointer offsets, which could allow an attacker to send...
DEBIAN-CVE-2024-6781
Path traversal in Calibre = 7.14.0 allow unauthenticated attackers to achieve arbitrary file read...
BIT-GITLAB-2023-2200 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
SalesAgility SuiteCRM Code Injection Vulnerability
Salesagility SalesAgility SuiteCRM is a suite of enterprise-grade, open source Customer Relationship Management CRM from Salesagility UK. A security vulnerability exists in SalesAgility SuiteCRM versions 7.14.x prior to 7.14.2 and 7.12.x prior to 7.12.14 that stems from the presence of a code...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.x prior to 7.14.2 and 7.12.x prior to 7.12.14 that stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability...
Atlassian Confluence 7.14.x < 7.19.9 Read Only User Attachment Uploads
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.13.17, 7.14.0 prior to 7.19.9 or 7.20 prior to 8.2.2. It is, therefore, affected by a flaw which permits remote attackers with read only permissions to a page to upload...
CVE-2023-2200
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
CVE-2023-2200
Removed by vendor...
GitLab 7.14 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3706)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take...
Vulnerabilities fixed in ElasticSearch
Elastic has fixed vulnerabilities in the Elastic Stack. An authenticated malicious person could exploit the vulnerabilities to obtain sensitive information or bypass a security measure. The vulnerabilities are located in Elasticsearch itself and in the Elastic App Search API. Elastic has released...
CVE-2020-26563
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
CVE-2019-8746
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows...
Cross site scripting
A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting...
CVE-2019-8763
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary...
Memory corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution...
Memory corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution...
UBUNTU-CVE-2019-8719
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting...