112 matches found
Mautic 安全漏洞
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.1.3 and prior versions, which stems from a lack of access control in the use...
Applying Security Hotfixes to XenServer on NetScaler SDX Appliance with Software Release 9.3 and 10
This article describes how to apply the hotfixes required to remediate the security vulnerabilities detailed in security bulletin CTX134876 -Citrix NetScaler SDX Multiple Security Updates. Determining the Version of XenServer on the NetScaler SDX Appliance To determine what version of XenServer y...
CVE-2024-23461
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...
CVE-2024-23461
CVE-2024-23461 affects Zscaler Client Connector on macOS prior to 3.4. The issue is an improper validation of integrity check values during the upgrade process, which may allow local code execution. Affected product: Zscaler Client Connector for macOS (pre-3.4). Impact per provided details: local...
PT-2024-19884 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on MacOS versions prior to 3.4 Description: An issue with improper validation of integrity check values in the upgrade process may allow local execution of code. This issue is related to the Zscaler Client Connector o...
BIT-LIFERAY-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
January 9, 2024—KB5034173 (Monthly Rollup)
January 9, 2024—KB5034173 Monthly Rollup REMINDER Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance and have moved to Azure to protect their Windows Server 20...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use S3 storage are vulnerable to security restrictions bypass due to [CVE-2023-46234]
Summary Node.js module browserify-sign is used by IBM App Connect Enterprise Certified Container Dashboards for accessing S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access bar files in S3 storage are vulnerable to security restrictions bypass. This bulletin...
Upgrade Tomcat to fix CVE-2023-46589
h3. Issue Summary Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a newer version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589 Jira 9.0.x to 9.12 currently come bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently come bundled with ...
Dell Command | Configure Security Vulnerability
Dell Command | Configure is an application from Dell USA that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring various BIOS features. A security vulnerability exists in Dell Command...
CVE-2023-46371
TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)
Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation (cisco-sa-ac-csc-privesc-wx4U4Kw)
The version of Cisco AnyConnect Secure Mobility Client installed on the remote host is prior to 4.10.07061. It is, therefore, affected by a privilege escalation vulnerability that exists because improper permissions are assigned to a temporary directory that is created during the upgrade process...
Cynet Protects Hospital From Lethal Infection
A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP a...
GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
SQL injection in Liferay Portal
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
Sql injection
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...