Lucene search: 3796 matches found

Positive Technologies · added 2024/02/21 12:00 a.m. · 3 views

PT-2024-21401 · Kirby Cms · Kirby Cms

Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0. Description: A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. The vendor's...

CVSS 6.1 · AI score 5.9 · EPSS 0.00429
Exploits 1 · References 10
Positive Technologies · added 2024/02/21 12:00 a.m. · 5 views

PT-2024-21399 · Kirby Cms +1 · Kirby Cms +1

Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0. Description: An HTML injection issue exists in the Edit Content Layout module. The vendor disputes the significance of this report, stating that some HTML formatting is allowed and backend sanitization prevents the...

CVSS 9.8 · AI score 7.7 · EPSS 0.02701
Exploits 4 · References 607
Positive Technologies · added 2024/02/20 12:00 a.m. · 4 views

PT-2024-16275 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress, versions up to and including 1.0.93.1. Description: The issue is related to unauthorized loss of data due to a missing capability check on the amppb remove saved layout data function...

CVSS 6.5 · AI score 6.8 · EPSS 0.00659
Exploits 0 · References 7
BDU FSTEC · added 2024/02/20 12:00 a.m. · 1 view

The vulnerability of the ODBC Driver for dynamic layout in the Windows operating system allows an attacker to execute arbitrary code.

The vulnerability of the ODBC Driver for dynamic layout in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.6 · AI score 7.7 · EPSS 0.01372
Exploits 0 · References 2
OSV · added 2024/02/15 1:15 p.m. · 2 views

CVE-2024-20747

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 5.5 · AI score 7.3
Exploits 0 · References 2
Tenable Nessus · added 2024/02/08 12:00 a.m. · 21 views

EulerOS 2.0 SP5 : libmicrohttpd (EulerOS-SA-2024-1146)

According to the versions of the libmicrohttpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU libmicrohttpd before 0.9.76 allows a remote denial of service (DoS) due to improper parsing of a multipart/form-data boundary in the...

CVSS 5.9 · AI score 6.7 · EPSS 0.01243
Exploits 1 · References 2
Prion · added 2024/01/31 5:15 p.m. · 14 views

Design/Logic Flaw

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS 7.5 · AI score 5.3 · EPSS 0.00393
Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2024/01/31 4:40 p.m. · 11 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS 5.3 · AI score 6.7 · EPSS 0.00393
Exploits 0 · References 2
Cvelist · added 2024/01/31 4:40 p.m. · 26 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS 5.3 · AI score 9.7 · EPSS 0.00393
Exploits 0 · References 2
OSV · added 2024/01/31 4:40 p.m. · 23 views

CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives

stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

CVSS 5.3 · AI score 9.2 · EPSS 0.00393
Exploits 0 · References 4
OSV · added 2024/01/31 3:20 p.m. · 15 views

BIT-LIFERAY-2022-42124

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...

CVSS 7.5 · AI score 7.4 · EPSS 0.01232
Exploits 0 · References 4
OSV · added 2024/01/31 3:18 p.m. · 20 views

BIT-LIFERAY-2023-33944

Cross-site scripting (XSS) vulnerability in the Layout module in Liferay Portal 7.3.4 through 7.4.3.68, Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's UR...

CVSS 6.1 · AI score 5.4 · EPSS 0.00533
Exploits 0 · References 1
Positive Technologies · added 2024/01/31 12:00 a.m. · 2 views

PT-2024-20466 · Unknown · Stereoscope

Name of the Vulnerable Software and Affected Versions: stereoscope versions prior to 0.0.1. Description: It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. This issue is...

CVSS 9.8 · AI score 9.1 · EPSS 0.00393
Exploits 0 · References 9
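The stereoscope entries above (CVE-2024-24579) describe the classic tar path traversal: an archive member whose name, once joined onto the unarchive directory, resolves somewhere else. The Go program below is an added example written for this page; it is not stereoscope's code or its fix. It shows the checks an extractor needs to reject such archives, and goes a step beyond the entries by also covering symlink members, which let a later entry climb out through a link written earlier even when every name looks clean lexically. All names (insideDir, secureJoin, extractTar, member, buildTar) and the sample archives are constructed for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for any entry that would resolve outside the destination.
var ErrTraversal = errors.New("tar entry escapes destination directory")

// insideDir reports whether the cleaned path p lies within root.
func insideDir(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// secureJoin joins a member name onto dest, rejecting absolute names and names that climb above dest.
func secureJoin(dest, name string) (string, error) {
	target := filepath.Join(dest, filepath.FromSlash(name)) // Join collapses ".." segments
	if strings.HasPrefix(name, "/") || filepath.IsAbs(name) || !insideDir(dest, target) {
		return "", ErrTraversal
	}
	return target, nil
}

// extractTar unpacks r into dest (an existing, empty directory). Each entry is checked lexically,
// and its parent is re-resolved through symlinks written earlier so an in-tree link cannot
// redirect a later entry outside dest. Directories are created implicitly as parents.
func extractTar(r io.Reader, dest string) error {
	dest, err := filepath.EvalSymlinks(dest) // symlink-free form (/tmp is itself a link on macOS)
	if err != nil {
		return err
	}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		target, err := secureJoin(dest, hdr.Name)
		if err != nil {
			return fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
		parent := filepath.Dir(target)
		os.MkdirAll(parent, 0o755) // a failure here surfaces from EvalSymlinks below
		realParent, err := filepath.EvalSymlinks(parent)
		if err != nil || !insideDir(dest, realParent) {
			return fmt.Errorf("entry %q: parent %q unusable: %w", hdr.Name, parent, ErrTraversal)
		}
		switch hdr.Typeflag {
		case tar.TypeReg:
			var f *os.File
			if f, err = os.Create(target); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink:
			// Check the link target against the real parent: an earlier in-tree link to a shallower
			// directory would otherwise let "../.." climb further than the lexical path suggests.
			linkDest := filepath.Join(realParent, filepath.FromSlash(hdr.Linkname))
			if filepath.IsAbs(hdr.Linkname) || !insideDir(dest, linkDest) {
				return fmt.Errorf("symlink %q -> %q: %w", hdr.Name, hdr.Linkname, ErrTraversal)
			}
			err = os.Symlink(hdr.Linkname, target)
		default:
			continue // directories, hard links, devices: not needed for this demonstration
		}
		if err != nil {
			return err
		}
	}
}

// member and buildTar build small in-memory archives (constructed test data, not real image layers).
type member struct{ name, link, body string; typeflag byte }

func buildTar(members []member) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, m := range members {
		hdr := &tar.Header{Name: m.name, Typeflag: m.typeflag, Linkname: m.link, Mode: 0o755, Size: int64(len(m.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		tw.Write([]byte(m.body)) // zero bytes for directories and symlinks
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	dest, _ := os.MkdirTemp("", "oci-layer-")
	defer os.RemoveAll(dest)
	hostile := buildTar([]member{{name: "../../escape.txt", typeflag: tar.TypeReg, body: "pwned\n"}})
	fmt.Println("hostile archive:", extractTar(bytes.NewReader(hostile), dest))
}
```

Two design points matter here. The lexical check in secureJoin is what the "writing to paths outside of the unarchive temporary directory" wording refers to, and on its own it is enough for plain file members. The symlink branch is the part that is easy to get wrong: the link target is resolved against the parent as it really exists on disk, not as the archive names it, because a benign-looking link such as `a/b/d -> ../..` followed by `a/b/d/e -> ../../../x` passes every lexical test yet lands outside dest. The example assumes dest is fresh and empty; extracting into a directory that already contains untrusted symlinks would need the same real-path treatment for the final component as well.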
OSSF Malicious Packages · added 2024/01/28 9:59 a.m. · 1 view

Malicious code in yoga-layout-bf (npm)

Source: ossf-package-analysis d9b59bfda9900fe733c84e49fb2751b2e66ecd904895deedb4b591f80be5685d. The OpenSSF Package Analysis project identified 'yoga-layout-bf' @ 2.1.0 (npm) as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits 0
OSV · added 2024/01/10 1:15 p.m. · 5 views

CVE-2024-20710

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

CVSS 5.5 · AI score 5.8 · EPSS 0.00288
Exploits 0 · References 1
BDU FSTEC · added 2024/01/05 12:00 a.m. · 2 views

The vulnerability of the APDU Frame Layout Handler component in Hitachi Energy RTU500 CMU series programmable logic controllers allows an attacker to trigger a service failure.

The vulnerability of the APDU Frame Layout Handler component in Hitachi Energy RTU500 CMU series programmable logic controllers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to trigger service failures by sending...

CVSS 5.9 · AI score 6.3 · EPSS 0.00412
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2024/01/01 12:00 a.m. · 3 views

PT-2024-5263 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software, affected versions not specified. Description: The issue is related to information disclosure when Address Space Layout Randomization (ASLR) relocates certain portions in virtual address space as one chunk...

CVSS 7.1 · AI score 6.6 · EPSS 0.00101
Exploits 0 · References 6
Vulnrichment · added 2023/12/25 12:00 a.m. · 9 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

AI score 5.8 · EPSS 0.0049
Exploits 0 · References 2
Cvelist · added 2023/12/25 12:00 a.m. · 21 views

CVE-2023-48650

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

AI score 5.7 · EPSS 0.0049
Exploits 0 · References 2
Positive Technologies · added 2023/12/25 12:00 a.m. · 3 views

PT-2023-30871 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and earlier; Concrete CMS versions 9.0.0 through 9.2.2. Description: The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system...

CVSS 4.8 · AI score 6.1 · EPSS 0.0049
Exploits 0 · References 10