3793 matches found
BIRD-LG Cross-Site Scripting Vulnerability
BIRD-LG is a routing daemon by the individual developer Mehdi ABAAKOUK. BIRD-LG has a security vulnerability that stems from some unknown handling of the file templates/layout.html, which manipulates the parameter request_args to cause cross-site scripting...
PT-2022-11672 · Unknown · Sileht Bird-Lg
Name of the Vulnerable Software and Affected Versions: sileht bird-lg affected versions not specified Description: A problematic issue has been found in the processing of the file templates/layout.html, where the manipulation of the request_args argument leads to cross-site scripting. The attack...
CVE-2022-4588
A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...
CVE-2022-4588 Boston Sleep slice Layout cross site scripting
A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...
CVE-2022-4588
CVE-2022-4588 affects Boston Sleep Slice up to version 84.1.x, with the vulnerability located in an unknown function of the Layout Handler that enables cross-site scripting. The issue can be exploited remotely. A fix is available in version 84.2.0, with patch identifier 6523bb17d889e2ab13d767f38a...
PT-2022-27666 · Unknown · Boston Sleep Slice
Name of the Vulnerable Software and Affected Versions: Boston Sleep slice versions up to 84.1.x Boston Sleep slice versions up to 84.2.0 Description: A vulnerability was found in the component Layout Handler, which can lead to cross site scripting. The manipulation can be launched remotely. It is...
Adobe Illustrator Buffer Error Vulnerability
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...
Update 15.17 for Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (Application Build 15.17.49440, Platform Build 15.0.49431)
Update 15.17 for Microsoft Dynamics 365 Business Central 2019 Release Wave 2 Application Build 15.17.49440, Platform Build 15.0.49431 This article applies to Microsoft Dynamics 365 Business Central 2019 Release Wave 2 for all countries and all language locales. Overview This update replaces...
RUSTSEC-2022-0074 Force cast a &Vec<T> to &[T]
In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...
Force cast a &Vec<T> to &[T]
In function Table::as_ref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrink_to_fit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...
Use After Free
chromium is vulnerable to use after free. The vulnerability exists in Layout in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Moderate: Red Hat Security Advisory: harfbuzz security update
An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
GHSA-GXXJ-FHMR-37J9 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
A SQL injection vulnerability in the Layout module before 4.0.17 from Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted...
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
A SQL injection vulnerability in the Layout module before 4.0.17 from Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted...
harfbuzz security update
An update is available for harfbuzz. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes:...
RLSA-2022:8384 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-33068 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
PT-2022-26270 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.2 fix pack 9 through fix pack 18 Liferay DXP version 7.3 before update 4 Liferay DXP version 7.4 GA Description: A ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProce...