Liferay Portal and Liferay DXP Fails to Check Permissions

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...

CVE-2021-29052

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...

Extreme Office 1.0.1.30274 suffers from memory corruption vulnerability

Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. A memory corruption vulnerability exists in Extreme Office version 1.0.1.30274. The vulnerability is caused due to the failure of the loop body of a function in the core module...

Cisco ACE30 Application Control Engine Module and ACE 4710 Application Control Engine Denial of Service Vulnerabilities

Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine are both next-generation load balancing and application delivery solutions from Cisco. A denial of service vulnerability exists in the Cisco ACE30 Application Control Engine Module and Cisco ACE 4710...