6 matches found
PT-2025-52599
Name of the Vulnerable Software and Affected Versions PHP versions 8.1.0 through 8.1.33 PHP versions 8.2.0 through 8.2.29 PHP versions 8.3.0 through 8.3.28 PHP versions 8.4.0 through 8.4.15 PHP versions 8.5.0 Description When using the PDO PostgreSQL driver with PDO::ATTR EMULATE PREPARES enabled...
PT-2024-25513 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0 Description: A path injection issue is present when adding a CSV enrichment source. The source name parameter can be modified to an absolute path, allowing the CSV file to be written to that path inside the /t...
PT-2024-20529 · Typo3 Cms +1 · Typo3/Cms +1
Name of the Vulnerable Software and Affected Versions: sf event mgt versions prior to 7.4.0 Description: The existing access control check for events in the backend module of sf event mgt, an event management and registration extension for the TYPO3 CMS, got broken during the update to TYPO3 12.4...
Vulnerabilities fixed in Liferay
Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...
Elastic Stack 7.4.1 security update
Logstash Beats input denial of service flaw ESA-2019-14 A denial of service flaw was found in the Logstash beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop...
Elastic Stack 6.8.4 security update
Elasticsearch username disclosure flaw ESA-2019-13 A username disclosure flaw was found in Elasticsearch’s API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. Affected Versions The following...