Lucene search
K

209 matches found

OSV
OSV
added 2023/06/22 12:0 a.m.28 views

ALSA-2023:3780 Important: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

7.5CVSS8.1AI score0.20459EPSS
Exploits3References4
AlmaLinux
AlmaLinux
added 2023/06/14 12:0 a.m.53 views

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7AI score0.20459EPSS
Exploits3References4
OSV
OSV
added 2023/05/24 6:30 p.m.21 views

GHSA-W6F8-MXF5-4VF8 Missing authorization in Liferay portal

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

7.5CVSS6AI score0.00744EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/05/24 6:30 p.m.37 views

Missing authorization in Liferay portal

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

7.5CVSS6.7AI score0.00744EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/24 4:15 p.m.34 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

7.5CVSS5.8AI score0.00744EPSS
Exploits0References1
OSV
OSV
added 2023/05/24 4:15 p.m.29 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

7.5CVSS7.1AI score0.00744EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 4:15 p.m.25 views

Design/Logic Flaw

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

5CVSS7.4AI score0.00744EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/24 3:42 p.m.14 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

5.3CVSS7.1AI score0.00744EPSS
Exploits0References1
CVE
CVE
added 2023/05/24 3:42 p.m.85 views

CVE-2023-33948

The CVE-2023-33948 entry concerns the Dynamic Data Mapping module in Liferay Portal 7.4.3.67 and Liferay DXP 7.4 update 67, where Document and Media files can be downloaded from a Form without proper restrictions, allowing remote attackers to retrieve arbitrary files via crafted URLs. Connected s...

7.5CVSS7.3AI score0.00744EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/24 3:42 p.m.34 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

5.3CVSS7.6AI score0.00744EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.5 views

PT-2023-24590 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal version 7.4.3.67 Liferay DXP 7.4 update 67 Description: The issue allows remote attackers to download any file from Document and Media via a crafted URL, due to the Dynamic Data Mapping module not limiting Document and Media...

7.5CVSS7.3AI score0.00744EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

7.5CVSS7.3AI score0.00744EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.3 views

SUSE CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

3.3CVSS6.9AI score0.01388EPSS
Exploits1References62
0day.today
0day.today
added 2023/01/03 12:0 a.m.418 views

Oracle DBMS_REDACT Dynamic Data Masking Bypass Vulnerability

Proof of concept overview on how the DBMSREDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c. Title: ByPassing DBMSREDACT Dynamic Data Masking security feature in Oracle database system Product: Database Manufacturer: Oracle Affected...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/12/09 12:0 a.m.6 views

The vulnerability of the dynamic data management framework Apache Calcite, related to incorrect restrictions on XML links to external objects, allows attackers to perform XXE attacks.

The vulnerability of the Apache Calcite dynamic data management framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using specially created XML code...

10CVSS6.9AI score0.01861EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/15 12:0 p.m.18 views

GHSA-MXVQ-CV4X-P3JW Incorrect Default Permissions in Liferay Portal

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References4
OSV
OSV
added 2022/11/15 12:0 p.m.30 views

GHSA-G6X4-57HP-J4XM Authorization Bypass in Liferay Portal

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References4
OSV
OSV
added 2022/11/15 12:0 p.m.24 views

GHSA-CX84-43XC-3GM2 Improper Certificate Validation in Liferay Portal

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS5.1AI score0.00243EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/15 12:0 p.m.25 views

Incorrect Default Permissions in Liferay Portal

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.3CVSS4.7AI score0.00592EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/15 12:0 p.m.31 views

Improper Certificate Validation in Liferay Portal

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS5.4AI score0.00243EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder