44 matches found
MiracleLinux 7 : curl-7.29.0-59.el7.2 (AXSA:2023-7014:15)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7014:15 advisory. curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552). Tenable has extracted the preceding description block directly from the...
Exploit for CVE-2024-7014
PoC for-CVE-2024-7014 Exploit Proof of concept for the CVE-202...
Ubuntu: Security Advisory (USN-7014-3)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : nginx vulnerability (USN-7014-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7014-3 advisory. USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description blo...
Ubuntu 16.04 LTS / 18.04 LTS : nginx vulnerability (USN-7014-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7014-2 advisory. USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable has...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : nginx vulnerability (USN-7014-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7014-1 advisory. It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directiv...
Important: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
CVE-2024-7014
CVE-2024-7014 affects Telegram for Android (versions 10.14.4 and older). Root cause: improper multimedia file attachment handling, where an HTML file disguised as a video can be processed as a valid video, enabling code execution on the device. Technical description across sources notes the attac...
CVE-2024-7014 Improper multimedia file attachment validation in Telegram for Android app
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older...
VulnCheck KEV: CVE-2024-7014
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older...
CVE-2023-7014
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data includi...
CVE-2023-7014
CVE-2023-7014 affects the WordPress plugin Molongui Authorship (Author Box, Guest Author, Co-Authors). The root cause is information exposure via the ma_debu parameter, enabling unauthenticated attackers to retrieve sensitive data (post author emails and names) for all versions up to and includin...
CVE-2023-7014 Author Box, Guest Author and Co-Authors for Your Posts – Molongui <= 4.7.4 - Information Exposure via ma_debug
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data includi...
WordPress Molongui Plugin <= 4.7.4 is vulnerable to Sensitive Data Exposure
Software: Molongui; Type: Plugin; Vulnerable versions: <= 4.7.4; Fixed in: 4.7.5; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-7014; Patch priority: Low; CVSS severity: Low (5.3); PSID: 7b1a6ad036e9; Credits: Krzysztof Zając; Required privileg...
CVE-2020-7014 affecting package rubygem-elasticsearch 7.6.0-1
CVE-2020-7014 affecting package rubygem-elasticsearch 7.6.0-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary: Vulnerabilities detected in Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.2 affect IBM Observability with Instana. Vulnerability Details: CVEID: CVE-2019-7619. DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw in...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +841 more potentially affected by CVE-2020-7014 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.6.1)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =j8.2.2.0, =1.2.1, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.10.5 and more Source cves: CVE-2020-7014 Source advisory: OSV:GHSA-HQQV-9X3V-MP7W...
cn.detachment:detachment-es-example (=1.0.2-RELEASE), cn.hippo4j:hippo4j-monitor-elasticsearch (>=1.4.1 <=1.5.0) +239 more potentially affected by CVE-2020-7014 via org.elasticsearch:elasticsearch (>=6.7.0 <=6.8.7)
org.elasticsearch:elasticsearch MAVEN version =6.7.0, =1.4.1, =1.4.0, =6.8.4, =6.7.2, =0.9.0.0, =0.9.0.0, =0.9.0.0, =6.7.0.0, =1.0.0-RC1, =1.0.0-RC2 - com.bowriverstudio:fscrawler-elasticsearch-client-v6 =2.6 and more Source cves: CVE-2020-7014 Source advisory: OSV:GHSA-HQQV-9X3V-MP7W...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary: The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details: CVEID: CVE-2019-7619. DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...