Lucene search
K

112 matches found

CNNVD
CNNVD
added 2024/09/18 12:0 a.m.3 views

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.1.3 and prior versions, which stems from a lack of access control in the use...

7CVSS6.7AI score0.00289EPSS
Exploits0References2
Citrix
Citrix
added 2024/07/13 12:0 a.m.7 views

Applying Security Hotfixes to XenServer on NetScaler SDX Appliance with Software Release 9.3 and 10

This article describes how to apply the hotfixes required to remediate the security vulnerabilities detailed in security bulletin CTX134876 -Citrix NetScaler SDX Multiple Security Updates. Determining the Version of XenServer on the NetScaler SDX Appliance To determine what version of XenServer y...

7.3AI score
Exploits0
OSV
OSV
added 2024/05/02 1:23 p.m.5 views

CVE-2024-23461

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2024/05/02 1:11 p.m.59 views

CVE-2024-23461

CVE-2024-23461 affects Zscaler Client Connector on macOS prior to 3.4. The issue is an improper validation of integrity check values during the upgrade process, which may allow local code execution. Affected product: Zscaler Client Connector for macOS (pre-3.4). Impact per provided details: local...

5.5CVSS7AI score0.0011EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.3 views

PT-2024-19884 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector on MacOS versions prior to 3.4 Description: An issue with improper validation of integrity check values in the upgrade process may allow local execution of code. This issue is related to the Zscaler Client Connector o...

4.2CVSS7.1AI score0.0011EPSS
Exploits0References4
OSV
OSV
added 2024/01/31 3:18 p.m.18 views

BIT-LIFERAY-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS7.6AI score0.00549EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2024/01/09 8:0 a.m.59 views

January 9, 2024—KB5034173 (Monthly Rollup)

January 9, 2024—KB5034173 Monthly Rollup REMINDER Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance and have moved to Azure to protect their Windows Server 20...

8.8CVSS7.1AI score0.17168EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 10:36 a.m.32 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use S3 storage are vulnerable to security restrictions bypass due to [CVE-2023-46234]

Summary Node.js module browserify-sign is used by IBM App Connect Enterprise Certified Container Dashboards for accessing S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access bar files in S3 storage are vulnerable to security restrictions bypass. This bulletin...

7.5CVSS6.8AI score0.00508EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2023/12/03 11:55 p.m.43 views

Upgrade Tomcat to fix CVE-2023-46589

h3. Issue Summary Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a newer version to fix CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589 Jira 9.0.x to 9.12 currently come bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently come bundled with ...

7.5CVSS7AI score0.02651EPSS
Exploits0
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.4 views

Dell Command | Configure Security Vulnerability

Dell Command | Configure is an application from Dell USA that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring various BIOS features. A security vulnerability exists in Dell Command...

7.8CVSS6.9AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-46371

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin...

9.8CVSS5.8AI score0.01123EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/29 1:30 p.m.30 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)

Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...

5.3CVSS6AI score0.01404EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.180 views

Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation (cisco-sa-ac-csc-privesc-wx4U4Kw)

The version of Cisco AnyConnect Secure Mobility Client installed on the remote host is prior to 4.10.07061. It is, therefore, affected by a privilege escalation vulnerability that exists because improper permissions are assigned to a temporary directory that is created during the upgrade process...

7.8CVSS7.7AI score0.05374EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2023/05/25 1:47 p.m.18 views

Cynet Protects Hospital From Lethal Infection

A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP a...

7.3AI score
Exploits0
OSV
OSV
added 2023/05/24 6:30 p.m.49 views

GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS7.6AI score0.00549EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/05/24 6:30 p.m.73 views

SQL injection in Liferay Portal

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS8.5AI score0.00549EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/24 4:15 p.m.29 views

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS7.4AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2023/05/24 4:15 p.m.21 views

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

8.1CVSS8.6AI score0.00549EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 4:15 p.m.22 views

Sql injection

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

5.1CVSS8.4AI score0.00549EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/24 3:22 p.m.20 views

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

6.4CVSS8.7AI score0.00549EPSS
Exploits0References1
Rows per page
Query Builder