12 matches found
CVE-2026-33726
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is...
CVE-2022-41717 affecting package golang for versions less than 1.21.6-1
CVE-2022-41717 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
CVE-2023-34463 Unauthorized users can delete applications in DataEase
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from a privilege...
PT-2023-25175 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.8 Description: The issue is related to a missing authorization check, allowing unauthorized users to manipulate a dashboard created by the administrator in an open source data visualization analysis tool...
CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...
WordPress plugin HTTP Headers SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
Amazon Linux 2 : golang (ALAS-2022-1887)
The version of golang installed on the remote host is prior to 1.18.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1887 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...
Improper Neutralization of Null Byte or NUL Character
Overview: std/os/exec is a Go standard library package. Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
NetworkManager security and bug fix update
1:1.18.8-1 - Update to 1.18.8 release - ifcfg-rh: handle '802-1x.,phase2-ca-path' rh 1841397, CVE-2020-10754 - ifcfg-rh: handle 802-1x.pin properties. 1:1.18.6-4 - ip-tunnel: set cloned-mac-address only for layer2 tunnel devices rh 1832170 1:1.18.6-3 - Update translations rh 1796852 1:1.18.6-2 -...
IDenticard Two-Reader Controller Configuration Manager Cross-Site Scripting Vulnerability
IDenticard Two-Reader Controller is a dual-reader controller from IDenticard Systems, Inc. Configuration Manager is one of the configuration managers. A cross-site scripting vulnerability exists in IDenticard Two-Reader Controller Configuration Manager version 1.18.8 396. A remote attacker can...