65 matches found
Astra Linux - vulnerability in chromium
Use after free in Guest View in Google Chrome before version 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Use after free in Guest View in Google Chrome before version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in chromium
Use after free in Guest View in Google Chrome before version 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Improper Access Control
liferay-portal is vulnerable to an Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...
EUVD-2022-34736
Malicious code in bioql PyPI...
Liferay Portal and Liferay DXP security vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 Service Pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...
GHSA-CHR3-W547-85HW Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 Service Pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...
CVE-2025-43808
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...
CVE-2025-43808
The CVE-2025-43808 entry covers Liferay Portal 7.3.0–7.4.3.112 and Liferay DXP 2023.Q4.0–2023.Q4.8 (and related 7.4 GA/update ranges). The issue arises in the Commerce component where uploaded virtual products in Documents and Media inherit guest view permissions, enabling remote attackers to acc...
PT-2025-38626
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.0 through 7.4.3.112; Liferay DXP versions 2023.Q4.0 through 2023.Q4.8; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay Portal 7.4 GA through update 92; Liferay Portal 7.3 service pack 3 through update 35...
Incorrect Default Permissions
Overview: com.liferay:com.liferay.journal.web is a Liferay Journal Web. Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default assignment of view permissions to guest users for web content templates via the UI or API. Remediation: Upgrade...
Magento LTS's guest order "protect code" can be brute-forced too easily
Impact: Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...
PT-2023-28137 · Adobe · Magento-Lts
Name of the Vulnerable Software and Affected Versions: Magento LTS versions prior to 19.5.1; Magento LTS versions prior to 20.1.1. Description: The issue concerns the "guest-view" cookie in Magento LTS, which contains a 6 hexadecimal character protect code. This code is not sufficient to prevent...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Guest View in the library, which allows an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption via a maliciously crafted HTML page...
FreeBSD : electron22 -- multiple vulnerabilities (3446e45d-a51b-486f-9b0e-e4402d91fed6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3446e45d-a51b-486f-9b0e-e4402d91fed6 advisory. - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to...
Use After Free
Google Chrome Guest View is vulnerable to Use After Free. This allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
Chromium: CVE-2023-3422 Use after free in Guest View
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...