240 matches found
CVE-2018-11439 affecting package taglib for versions less than 1.13.1-1
CVE-2018-11439 affecting package taglib for versions less than 1.13.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1
CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1. An upgraded version of the package is available that resolves this issue...
Oracle Linux 7 : taglib (ELSA-2020-1175)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1175 advisory. 1.8-8.20130218git - Fixed OOB read when loading invalid ogg flac file Resolves: bz1585260 Tenable has extracted the preceding description block directly from th...
SUSE CVE-2012-1107
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted sampleRate in an ape file, which triggers a divide-by-zero error...
SUSE CVE-2012-1108
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted vendorLength field in an ogg file...
SUSE CVE-2012-1584
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted file header field in a media file, which triggers a large memory allocation...
SUSE CVE-2017-12678
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file...
SUSE CVE-2018-11439
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted audio file...
GHSA-G6R2-6X46-JPP6 Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module
A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module
A Cross-site scripting XSS vulnerability in the Frontend Taglib module before 9.1.7 from Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal和Liferay DXP 跨站脚本漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
CVE-2022-42117
A Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML...
Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name
A cross-site scripting XSS vulnerability in Liferay Asset Taglib before v6.1.9 from Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag...
GHSA-9H7F-5HC8-CJ5F Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...
com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)
com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...
Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " / or " /. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable...