EUVD-2022-41092

Malicious code in bioql PyPI...

Privilege Escalation

com.liferay.translation.web is vulnerable to privilege escalation. The vulnerability exists in multiple functions in ExportTranslationMVCResourceCommand.java due to improper access control which allows an attacker to download a web content page's XLIFF translation file via malicious URL...

Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module

The Translation module before v2.0.58 from Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via...

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...

CVE-2022-38512

The CVE-2022-38512 issue affects Liferay Portal v7.4.3.12–v7.4.3.36 and Liferay DXP 7.4 update 8–36, where the Translation module does not verify permissions when exporting a web content for translation. The underlying flaw allows an attacker to download a web content page’s XLIFF translation fil...

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

PT-2022-24434 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.12 through 7.4.3.36 Liferay DXP 7.4 update 8 through 36 Description: The Translation module does not check permissions before allowing a user to export a web content for translation. This allows attackers to...

openSUSE Security Update : translate-toolkit (openSUSE-2018-130)

This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed : - Prevent inclusion of external ressources XXE boo1073535 These non-security issues were fixed : - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable...

Fedora Update for pootle FEDORA-2010-17000

Check for the Version of pootle OpenVAS Vulnerability Test Fedora Update for pootle FEDORA-2010-17000 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Fedora Update for pootle FEDORA-2010-16990

Check for the Version of pootle OpenVAS Vulnerability Test Fedora Update for pootle FEDORA-2010-16990 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Fedora Update for pootle FEDORA-2010-16998

Check for the Version of pootle OpenVAS Vulnerability Test Fedora Update for pootle FEDORA-2010-16998 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

[SECURITY] Fedora 12 Update: pootle-2.1.2-1.fc12

Pootle is web application for managing distributed or crowdsourced translation. It's features include:: Translation of Gettext PO and XLIFF files. Translation of monolingual files subtitles, Java properties, etc Submitting to remote version control systems VCS. Managing groups of translators Onli...

[SECURITY] Fedora 14 Update: pootle-2.1.2-1.fc14

Pootle is web application for managing distributed or crowdsourced translation. It's features include:: Translation of Gettext PO and XLIFF files. Translation of monolingual files subtitles, Java properties, etc Submitting to remote version control systems VCS. Managing groups of translators Onli...