3793 matches found
CVE-2022-42124
The CVE-2022-42124 ReDoS vulnerability affects Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.2 (fix pack 9–18), 7.3 before update 4, and 7.4 GA, in LayoutPageTemplateEntryUpgradeProcess. A crafted payload in the layout prototype’s name field can cause excessive server resource consumption. Remed...
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-33068 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
ALSA-2022:8384 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-33068 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Liferay Portal and Liferay DXP SQL injection vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
The execute() function of SeaportProxy.sol will always fail.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. While L69 of SeaportProxy.sol is successful in preventing the function being called by a contract other than the LooksRareAggregator, unfortunately, the current implementation will fail the calling from...
The vulnerability of the Layout component in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of the Layout component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
CVE-2022-3654
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2022-3654
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
UBUNTU-CVE-2022-3654
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10177-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10177-1 advisory. - Type Confusion in V8. CVE-2022-3652, CVE-2022-3723 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use after free in Layout...
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10180-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10180-1 advisory. - Type Confusion in V8. CVE-2022-3652, CVE-2022-3723 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use after free in Layout...
GHSA-5QXQ-VGMM-Q39M RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Impact The user controlled twig templates rendering in Pimcore/Mail & ClassDefinition\Layout\Text is vulnerable to server-side template Injection RCE. Patches Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch Workarounds Apply...
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Impact The user controlled twig templates rendering in Pimcore/Mail & ClassDefinition\Layout\Text is vulnerable to server-side template Injection RCE. Patches Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch Workarounds Apply...