3793 matches found
OpenMage LTS 命令注入漏洞
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from the layout block being able to bypass the block blacklist to execute remote code...
PT-2023-12375 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows a layout block to bypass the block blacklist, enabling the execution of remote code. This is a significant problem for an e-commerce...
Apple tvOS 安全漏洞
Apple tvOS is a set of smart TV operating systems from the American company Apple. A security vulnerability exists in Apple tvOS versions prior to 16.3, which stems from an information disclosure issue where an application may be able to determine the kernel memory layout...
OSV-2023-27 Heap-buffer-overflow in OT::Layout::GPOS_impl::PairSet<OT::Layout::MediumTypes>::apply
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55287 Crash type: Heap-buffer-overflow READ 1 Crash state: OT::Layout::GPOSimpl::PairSet::apply OT::Layout::GPOSimpl::PairPosFormat13::apply bool OT::hbacceleratesubtablescontextt::applytoOT::Layout::GPOSimpl::Pair...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to reading data beyond the buffer in memory, allows attackers to gain unauthorized access to information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information through a specially created malicious file...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing data outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to reading data beyond the buffer in memory, allows attackers to gain unauthorized access to information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information through a specially created malicious file...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing data outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2023-21581
Adobe Acrobat Reader versions 22.003.20282 and earlier, 22.003.20281 and earlier and 20.005.30418 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR...
Unsafe Storage Layout
Lines of code Vulnerability details Potentially lead to storage collision and cause the account to be re-initialized or have ownership transferred. Use upgradeable DiamondStorage for all inherited contracts. --- The text was updated successfully, but these errors were encountered: All reactions...
GHSA-GFGM-CHR3-X6PX prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined...
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created link...
DEBIAN-CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
CVE-2022-28286
The CVE-2022-28286 issue is a layout-related vulnerability where iframe contents could render outside their border, potentially enabling spoofing or user confusion. Affected products and versions identified in connected documents include Thunderbird < 91.8, Firefox < 99, and Firefox ESR
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...