Lucene search
K

240 matches found

CBLMariner
CBLMariner
added 2023/09/28 12:35 p.m.14 views

CVE-2018-11439 affecting package taglib for versions less than 1.13.1-1

CVE-2018-11439 affecting package taglib for versions less than 1.13.1-1. An upgraded version of the package is available that resolves this issue...

6.5CVSS6.9AI score0.02847EPSS
Exploits1
CBLMariner
CBLMariner
added 2023/09/28 12:35 p.m.46 views

CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1

CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1. An upgraded version of the package is available that resolves this issue...

8.8CVSS7.6AI score0.02207EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.22 views

Oracle Linux 7 : taglib (ELSA-2020-1175)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1175 advisory. 1.8-8.20130218git - Fixed OOB read when loading invalid ogg flac file Resolves: bz1585260 Tenable has extracted the preceding description block directly from th...

6.5CVSS5.6AI score0.02847EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-1107

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted sampleRate in an ape file, which triggers a divide-by-zero error...

4.3CVSS6.6AI score0.01827EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-1108

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted vendorLength field in an ogg file...

4.3CVSS6.7AI score0.03103EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.2 views

SUSE CVE-2012-1584

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted file header field in a media file, which triggers a large memory allocation...

4.3CVSS6.9AI score0.02646EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.4 views

SUSE CVE-2017-12678

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file...

8.8CVSS7.4AI score0.02207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.5 views

SUSE CVE-2018-11439

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...

3.3CVSS6.6AI score0.02847EPSS
Exploits1References6
OSV
OSV
added 2022/10/19 12:0 p.m.2 views

GHSA-G6R2-6X46-JPP6 Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module

A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00496EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/10/19 12:0 p.m.20 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module

A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00496EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2022/10/18 9:15 p.m.22 views

CVE-2022-42117

A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS0.00496EPSS
Exploits0References1
Prion
Prion
added 2022/10/18 9:15 p.m.14 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

5.8CVSS6.1AI score0.00496EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.5 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS5.8AI score0.00496EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/10/18 12:0 a.m.25 views

CVE-2022-42117

A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.3AI score0.00496EPSS
Exploits0References1
OSV
OSV
added 2022/10/18 12:0 a.m.4 views

CVE-2022-42117

A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score0.00496EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.6 views

Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name

A cross-site scripting XSS vulnerability in Liferay Asset Taglib before v6.1.9 from Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...

6.1CVSS5.9AI score0.00363EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/24 7:10 p.m.2 views

GHSA-9H7F-5HC8-CJ5F Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...

6.1CVSS5.9AI score0.0075EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 7:10 p.m.5 views

Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...

6.1CVSS6AI score0.0075EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2022/05/24 7:9 p.m.5 views

com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)

com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...

4.3CVSS5.8AI score0.01195EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.13 views

Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...

4.7CVSS6.1AI score0.02283EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder