Lucene search
K

112 matches found

CVE
CVE
added 2023/05/24 3:22 p.m.92 views

CVE-2023-33945

SQL injection in the upgrade workflow affects Liferay Portal 7.3.1–7.4.3.17 (SQL Server) and Liferay DXP 7.3 pre-update 6 and 7.4 pre-update 18. The issue allows arbitrary SQL commands via a database table’s primary key index name and is exploitable only when chained with other attacks; exploitat...

8.1CVSS8.4AI score0.00549EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/24 3:22 p.m.15 views

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

6.4CVSS8.7AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2023/04/11 5:15 p.m.4 views

CVE-2023-22635

A download of code without Integrity check vulnerability CWE-494 in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate...

7.8CVSS7.2AI score0.00121EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.3 views

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. A security vulnerability exists in FortiClient Mac that stems from allowing a local attacker to modify the installer to elevate...

7.8CVSS7.3AI score0.00121EPSS
Exploits0References2
Prion
Prion
added 2023/03/24 4:15 a.m.23 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5CVSS5.3AI score0.00168EPSS
Exploits0References1Affected Software2
Code423n4
Code423n4
added 2023/03/10 12:0 a.m.8 views

A malicious actor can create a non malicious plugin, but then simply change the implementation of the plugin repo, allowing him to change the logic and create malicious plugins

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Any developer can create their plugin repo and others can use them to download various plugins. The problem is that the plugin repo's are upgradeable, and the owner access and permissions to upgrade are...

7.3AI score
Exploits0
OSV
OSV
added 2022/11/15 1:15 a.m.6 views

CVE-2022-42124

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...

7.5CVSS5.8AI score0.01232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-26270 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.2 fix pack 9 through fix pack 18 Liferay DXP version 7.3 before update 4 Liferay DXP version 7.4 GA Description: A ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProce...

7.5CVSS7.4AI score0.01232EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/11/02 6:25 a.m.44 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

9.8CVSS6.8AI score0.03054EPSS
Exploits0References44
NVD
NVD
added 2022/08/29 11:15 p.m.24 views

CVE-2022-38625

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position i...

8.8CVSS0.00483EPSS
Exploits0References3
Virtuozzo
Virtuozzo
added 2022/08/15 12:0 a.m.19 views

Virtuozzo Hybrid Infrastructure 5.2 (5.2.0-135)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that enhance compute services, the cluster management and upgrade process, monitoring and alerts, the user interface, and the documentation. Additionally, this release delivers stability improvements and addresses...

0.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/05 9:28 a.m.47 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...

6.5CVSS0.7AI score0.0044EPSS
Exploits1Affected Software1
Citrix
Citrix
added 2022/05/16 12:0 a.m.5 views

Citrix Hypervisor 8.2 : MCS Catalog update deletes Target base disks.

Xenserver audit.log throwsERROR:NOTSUPPORTEDDURINGUPGRADE Mar 30 02:38:59 XXXXX xapi: 20220330T00:38:59.214Z|audit||8715 HTTP 10.1.XX.XX-:::80|VDI.setonboot R:780016cf9118|audit 'trackid=39b4363b70f699b0ab419280ab8b4fe2' 'S-1-XXXX-XX-XX-8' 'XX\\XXXXX' 'ALLOWED' 'ERROR:NOTSUPPORTEDDURINGUPGRADE :...

7.1AI score
Exploits0
OSV
OSV
added 2022/05/11 4:15 p.m.4 views

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

7.8CVSS6.1AI score0.00407EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/11 4:15 p.m.6 views

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

7.8CVSS7.5AI score0.00407EPSS
Exploits0References2
NVD
NVD
added 2022/05/11 4:15 p.m.25 views

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

7.8CVSS0.00407EPSS
Exploits0References1
Prion
Prion
added 2022/05/11 4:15 p.m.16 views

Code injection

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

7.2CVSS7.8AI score0.00407EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.4 views

PT-2022-16245 · Check Point · Zonealarm

Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm versions prior to 15.8.200.19118 Description: The issue allows a local actor to escalate privileges during the upgrade process. Additionally, weak permissions in the ProgramDataCheckPointZoneAlarmDataUpdates directory...

7.8CVSS8AI score0.00407EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.3 views

Check Point ZoneAlarm 安全漏洞

Check Point ZoneAlarm is a network firewall program from Check Point Israel. A security vulnerability exists in versions prior to Check Point ZoneAlarm 15.8.200.19118. A local attacker exploited the vulnerability to elevate privileges during an upgrade process...

7.8CVSS7.4AI score0.00407EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/11 12:0 a.m.28 views

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

8.1AI score0.00407EPSS
Exploits0References1
Rows per page
Query Builder