new packages: taglib
An update is available for taglib. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
au.com.permeance:liferay-clojure-integration (=0.1), com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6) +6 more potentially affected by CVE-2010-5327 via com.liferay.portal:portal-impl (>=5.2.3 <=6.2.1)
com.liferay.portal:portal-impl MAVEN version =5.2.3, =6.0.2, =6.1.2, =5.2.3, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2010-5327 Source advisory: OSV:GHSA-97GM-MCV6-CPHM...
com.liferay:com.liferay.adaptive.media.web (>=1.0.0 <=1.0.6), com.liferay:com.liferay.amazon.rankings.web (>=1.0.0 <=1.0.14) +128 more potentially affected by CVE-2017-12648 via com.liferay:com.liferay.frontend.taglib (>=1.0.0 <=2.1.0)
com.liferay:com.liferay.frontend.taglib MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.11 and more Source cves: CVE-2017-12648 Source advisory: OSV:GHSA-CM99-X97G-9QX8...
com.liferay:com.liferay.portal.store.jcr (>=1.0.0 <=2.0.3), com.squeakysand.jcr:squeakysand-jcr-taglib-test (>=0.2.0 <=0.4.0) +8 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.2.0 <=2.2.13)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.2.0, =1.0.0, =0.2.0, =0.2.0, =2.10.0, =2.2.0, =2.2.0, =1.2.0-cr4, =1.2.0-cr8 Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword in the search function is not escaped, which allows an attacker to inject and execute arbitrary JavaScript...
GHSA-9536-M86R-Q297 Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter
Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the keywords parameter under the Frontend Taglib module before 7.1.15...
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...
Liferay Portal cross-site scripting vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A cross-site scripting vulnerability exists in...
Mageia: Security Advisory (MGASA-2018-0300)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2017-0286)
The remote host is missing an update for the...
In TagLib 1.11.1 the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
...
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
...
Debian: Security Advisory (DLA-2772-1)
The remote host is missing an update for the Debian...
Debian DLA-2772-1 : taglib - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2772 advisory. - In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a deni...
[SECURITY] [DLA 2772-1] taglib security update
Debian LTS Advisory DLA-2772-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 30, 2021 https://wiki.debian.org/LTS -...
DLA-2772-1 taglib - security update
Bulletin has no description...
CVE-2021-35463
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...