112 matches found
CVE-2023-33945
SQL injection in the upgrade workflow affects Liferay Portal 7.3.1–7.4.3.17 (SQL Server) and Liferay DXP 7.3 pre-update 6 and 7.4 pre-update 18. The issue allows arbitrary SQL commands via a database table’s primary key index name and is exploitable only when chained with other attacks; exploitat...
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
CVE-2023-22635
A download of code without Integrity check vulnerability CWE-494 in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate...
Fortinet FortiClient 安全漏洞
Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. A security vulnerability exists in FortiClient Mac that stems from allowing a local attacker to modify the installer to elevate...
Design/Logic Flaw
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
A malicious actor can create a non malicious plugin, but then simply change the implementation of the plugin repo, allowing him to change the logic and create malicious plugins
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Any developer can create their plugin repo and others can use them to download various plugins. The problem is that the plugin repo's are upgradeable, and the owner access and permissions to upgrade are...
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
PT-2022-26270 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.2 fix pack 9 through fix pack 18 Liferay DXP version 7.3 before update 4 Liferay DXP version 7.4 GA Description: A ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProce...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update
Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...
CVE-2022-38625
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position i...
Virtuozzo Hybrid Infrastructure 5.2 (5.2.0-135)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that enhance compute services, the cluster management and upgrade process, monitoring and alerts, the user interface, and the documentation. Additionally, this release delivers stability improvements and addresses...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...
Citrix Hypervisor 8.2 : MCS Catalog update deletes Target base disks.
Xenserver audit.log throwsERROR:NOTSUPPORTEDDURINGUPGRADE Mar 30 02:38:59 XXXXX xapi: 20220330T00:38:59.214Z|audit||8715 HTTP 10.1.XX.XX-:::80|VDI.setonboot R:780016cf9118|audit 'trackid=39b4363b70f699b0ab419280ab8b4fe2' 'S-1-XXXX-XX-XX-8' 'XX\\XXXXX' 'ALLOWED' 'ERROR:NOTSUPPORTEDDURINGUPGRADE :...
CVE-2022-23743
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...
CVE-2022-23743
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...
CVE-2022-23743
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...
Code injection
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...
PT-2022-16245 · Check Point · Zonealarm
Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm versions prior to 15.8.200.19118 Description: The issue allows a local actor to escalate privileges during the upgrade process. Additionally, weak permissions in the ProgramDataCheckPointZoneAlarmDataUpdates directory...
Check Point ZoneAlarm 安全漏洞
Check Point ZoneAlarm is a network firewall program from Check Point Israel. A security vulnerability exists in versions prior to Check Point ZoneAlarm 15.8.200.19118. A local attacker exploited the vulnerability to elevate privileges during an upgrade process...
CVE-2022-23743
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...