Lucene search

1895 matches found

CVE
added 2023/06/21 4:26 p.m. · 215 views

CVE-2023-2829

CVE-2023-2829 affects BIND 9: named may terminate when synth-from-dnssec is enabled and a zone contains a malformed NSEC record. Affected versions are BIND 9.16.8-S1–9.16.41-S1 and 9.18.11-S1–9.18.15-S1. The issue is caused by parsing/processing of DNSSEC-cache data (NSEC) and can be triggered re...

CVSS 7.5 · AI score 7.7 · EPSS 0.0009
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2023/06/21 4:26 p.m. · 33 views

CVE-2023-2829

A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...

CVSS 7.5 · AI score 7.1 · EPSS 0.0009
Exploits 0
Veracode
added 2023/06/08 8:59 a.m. · 21 views

Information Disclosure

com.liferay.portal:com.liferay.portal.kernel is vulnerable to Information Disclosure. A remote authorized attacker is able to view the object definition from a second virtual instance because the Object module does not segment object definition by virtual instance in search, resulting in the...

CVSS 4.3 · AI score 6.6 · EPSS 0.00268
Exploits 0 · References 4 · Affected Software 1
NVD
added 2023/06/06 7:15 p.m. · 12 views

CVE-2023-2801

Grafana is an open-source platform for monitoring and observability. Using public dashboards, users can query multiple distinct data sources using mixed queries. However, such a query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 7.5 · AI score 7.4 · EPSS 0.00867
Exploits 0 · References 2
Prion
added 2023/06/06 7:15 p.m. · 23 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. Using public dashboards, users can query multiple distinct data sources using mixed queries. However, such a query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public...

CVSS 2.1 · AI score 5.2 · EPSS 0.00867
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/06/06 5:59 p.m. · 18 views

CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing

Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...

CVSS 4.6 · AI score 5.4 · EPSS 0.00766
Exploits 1 · References 4
Tenable Nessus
added 2023/05/30 12:00 a.m. · 14 views

Liferay Portal 7.4.3.4 < 7.4.3.61 Authentication Bypass

The version of Liferay Portal installed on the remote host is 7.4.3.4 through 7.4.3.60. It is, therefore, affected by an authentication bypass vulnerability due to the Object module not segmenting object definition by virtual instance in search. In turn, this allows remote authenticated users in one...

CVSS 4.3 · AI score 5.2 · EPSS 0.00268
Exploits 0 · References 2
NVD
added 2023/05/24 4:15 p.m. · 15 views

CVE-2023-33947

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS 4.3 · AI score 3.8 · EPSS 0.00268
Exploits 0 · References 1
Prion
added 2023/05/24 4:15 p.m. · 12 views

Design/Logic Flaw

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS 4 · AI score 4.4 · EPSS 0.00268
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/05/24 3:34 p.m. · 26 views

CVE-2023-33947

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching...

CVSS 2.7 · AI score 4.7 · EPSS 0.00268
Exploits 0 · References 1
Positive Technologies
added 2023/05/24 12:00 a.m. · 2 views

PT-2023-24588 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.4 through 7.4.3.48; Liferay DXP 7.4 before update 49. Description: The issue allows remote authenticated users in one virtual instance to view objects in a different virtual instance via the OAuth 2 scope...

CVSS 4.3 · AI score 4.3 · EPSS 0.00277
Exploits 0 · References 8
CNNVD
added 2023/05/24 12:00 a.m. · 2 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 4.3 · AI score 5.1 · EPSS 0.00277
Exploits 0 · References 2
Veeam
added 2023/05/12 12:00 a.m. · 8 views

Unable to Select Clustered Instance When Configuring Backup

Article Applicability: This article concerns a behavior observed when using Veeam Plug-in for Microsoft SQL Server. Challenge: When selecting Databases to Back Up, the Instance drop-box does not list an option for cluster\instance; instead, there is only an option for node\instance. In some ra...

AI score 7.3
Exploits 0 · Affected Software 1
Github Security Blog
added 2023/05/08 12:30 p.m. · 22 views

Apache Airflow vulnerable to stored Cross-site Scripting

Task instance details page in the UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow before 2.6.0...

CVSS 5.4 · AI score 5.2 · EPSS 0.00524
Exploits 0 · References 8 · Affected Software 1
NVD
added 2023/05/08 10:15 a.m. · 14 views

CVE-2023-29247

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...

CVSS 5.4 · AI score 5.4 · EPSS 0.00524
Exploits 0 · References 3
PyPA
added 2023/05/08 10:15 a.m. · 4 views

PYSEC-2023-60

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...

CVSS 5.4 · AI score 6.9 · EPSS 0.00524
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/05/08 10:15 a.m. · 16 views

PYSEC-2023-60

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...

CVSS 5.4 · AI score 6.8 · EPSS 0.00524
Exploits 0 · References 3
Cvelist
added 2023/05/08 9:01 a.m. · 29 views

CVE-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...

AI score 5.6 · EPSS 0.00524
Exploits 0 · References 3
Vulnrichment
added 2023/05/08 9:01 a.m. · 12 views

CVE-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0...

AI score 6.4 · EPSS 0.00524
Exploits 0 · References 3
Citrix
added 2023/05/05 12:00 a.m. · 3 views

Unable to filter Instance Syslog messages over 1 Month in ADM

Customer wanted to audit NetScaler historical instance syslog in ADM, however could only obtain data within 1 Month in the GUI page. ADM instance syslog data pruning is configured with 90 days, so there should be data aged greater than 1 Month. P.S. data pruning configure...

AI score 7
Exploits 0