CVE-2022-45418
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
[SECURITY] Fedora 37 Update: rubygem-pdfkit-0.8.7.2-1.fc37
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
[SECURITY] Fedora 37 Update: php-Smarty-3.1.47-1.fc37
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...
CVE-2022-3304
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2022-3304
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Design/Logic Flaw
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
UBUNTU-CVE-2022-3304
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-3304
CVE-2022-3304 is a use-after-free in CSS in Google Chrome/Chromium prior to 106.0.5249.62 that could allow remote heap corruption via a crafted HTML page. The issue affects Chrome/Chromium’s CSS handling and was fixed in Chrome 106.0.5249.61–106.0.5249.62 (stable channel). Exploitation status is ...
GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-16 Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to...
CVE-2022-35739
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading...
CVE-2022-35739
PRTG Network Monitor is vulnerable through version 22.2.77.2204: custom input on a device icon can inject arbitrary CSS into the device’s style tag. When the device page loads, the injected CSS may load malicious content. The issue cannot be escalated to XSS due to input restrictions and browse...
Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-3ec8272e72)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: rubygem-pdfkit-0.8.7-1.fc36
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
[SECURITY] Fedora 35 Update: rubygem-pdfkit-0.8.7-1.fc35
Create PDFs using plain old HTML+CSS. Uses wkhtmltopdf on the back-end which renders HTML using Webkit...
Use After Free
chromium is vulnerable to use after free. The vulnerability exists in CSS of the chromium browser which allows a remote attacker to potentially exploit heap corruption via a malicious HTML page...
com.liferay:com.liferay.css.builder (>=1.0.8 <=1.0.14), com.liferay:com.liferay.deployment.helper (>=1.0.0 <=1.0.2) +8 more potentially affected by CVE-2022-41414 via com.liferay.portal:portal-impl (=7.0.0-nightly)
com.liferay.portal:portal-impl MAVEN version =7.0.0-nightly is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay.portal:portal-impl and may be impacted: - com.liferay:com.liferay.css.builder =1.0.8, =1.0.0, =1.0.6, =1.0.3, =1.0.3, =1.0.47,...