
26 matches found

Patchstack
added 2024/11/08 12:0 a.m., 19 views

WordPress Algori PDF Viewer Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software: Algori PDF Viewer; Type: Plugin; Vulnerable versions: = 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2018-5158; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: f9da283093fc; Credits: Colin Xu; Required...

8.8 CVSS, 5.8 AI score, 0.10576 EPSS
Exploits 0, References 3, Affected Software 1

NCSC
added 2022/10/19 12:0 a.m., 9 views

Vulnerabilities fixed in Oracle Siebel CRM

Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data. Oracle has fixed vulnerabilities in the...

9.3 CVSS, 7 AI score, 0.39361 EPSS
Exploits 3

vulnersOsv
added 2022/05/14 1:22 a.m., 4 views

@accoio/react-pdf-highlighter (>=2.0.0 <=2.0.1), @activelylearn/react-pdf (>=2.5.0 <=2.5.2) +97 more potentially affected by CVE-2018-5158 via pdfjs-dist (>=2.0.104 <=2.0.489)

pdfjs-dist NPM version =2.0.104, =2.0.0, =2.5.0, =1.0.32, =1.2.0, =15.0.0, =6.0.0, =39.0.0, =7.0.0, =110.0.0, =7.0.0, =6.0.0, =3.0.6, =8.0.0, =9.0.0, =4.0.9, =4.2.1 and more Source cves: CVE-2018-5158 Source advisory: OSV:GHSA-7JG2-JGV3-FMR4...

8.8 CVSS, 7.2 AI score, 0.10576 EPSS
Exploits 0

OpenVAS
added 2022/01/28 12:0 a.m., 19 views

Mageia: Security Advisory (MGASA-2018-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.1 AI score, 0.21288 EPSS
Exploits 7, References 9

OpenVAS
added 2021/06/09 12:0 a.m., 15 views

SUSE: Security Advisory (SUSE-SU-2018:2298-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 9.4 AI score, 0.21288 EPSS
Exploits 6, References 2

OpenVAS
added 2021/04/19 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2018:1334-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 9.3 AI score, 0.21288 EPSS
Exploits 4, References 4

Hacker One
added 2020/03/16 2:1 a.m., 850 views

Nextcloud: XSS in PDF Viewer

An outdated version of PDF.js in use allows for the CVE-2018-5158 vulnerability. When the payload PDF is shown in the supplied PDF viewer, it can execute arbitrary JavaScript. I have tested the payload PDF, and it is working in the Safari 13.0.5 the latest version and Firefox 74.0 the latest...

6.8 CVSS, 1.7 AI score, 0.10576 EPSS
Exploits 0

OpenVAS
added 2020/01/23 12:0 a.m., 43 views

Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1189)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.3 AI score, 0.21288 EPSS
Exploits 4, References 2

Tenable Nessus
added 2019/08/12 12:0 a.m., 32 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0130)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash...

9.8 CVSS, 8.2 AI score, 0.21288 EPSS
Exploits 4, References 11

Tenable Nessus
added 2019/04/03 12:0 a.m., 31 views

FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)

Gitlab reports : DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control 'move issue' Guest users of private projects have access to releases DoS potential on project languages page Recuri...

8.8 CVSS, 7.7 AI score, 0.10576 EPSS
Exploits 10, References 14

FreeBSD
added 2019/04/01 12:0 a.m., 36 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control "move issue" Guest users of private projects have access to releases DoS potential on project languages page Recurit...

8.8 CVSS, 1.2 AI score, 0.10576 EPSS
Exploits 10, References 1

Tenable Nessus
added 2019/01/02 12:0 a.m., 32 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2298-1)

This update for MozillaFirefox to the 52.9 ESR release fixes the following issues: These security issues were fixed : - Firefox ESR 52.9 : - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 bsc1098998. - CVE-2018-12368 No warning when opening executable...

9.8 CVSS, 7.6 AI score, 0.21288 EPSS
Exploits 6, References 44

Tenable Nessus
added 2018/10/22 12:0 a.m., 36 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:1334-2)

This update for MozillaFirefox to the ESR 52.8 release fixes the following issues : Mozil to Firefox ESR 52.8 bsc1092548 Security issues fixed : MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF...

9.8 CVSS, 7.7 AI score, 0.21288 EPSS
Exploits 4, References 22

Mageia
added 2018/08/15 3:45 p.m., 46 views

Updated iceape packages fix security vulnerability

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

9.8 CVSS, 2.3 AI score, 0.21288 EPSS
Exploits 7, References 7

OSV
added 2018/06/11 9:29 p.m., 9 views

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

8.8 CVSS, 8.3 AI score
Exploits 0, References 11

Tenable Nessus
added 2018/05/31 12:0 a.m., 273 views

CentOS 7 : firefox (CESA-2018:1415)

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS, 7.8 AI score, 0.21288 EPSS
Exploits 4, References 10

Tenable Nessus
added 2018/05/17 12:0 a.m., 32 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:1319-1)

This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 bsc1092548 Security issues fixed : - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF...

9.8 CVSS, 7.7 AI score, 0.21288 EPSS
Exploits 4, References 22

Tenable Nessus
added 2018/05/17 12:0 a.m., 51 views

Mozilla Firefox ESR < 52.8

The version of Firefox ESR installed on the remote Windows host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-12 advisory. - Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes...

9.8 CVSS, 7.8 AI score, 0.21288 EPSS
Exploits 4, References 11

Tenable Nessus
added 2018/05/16 12:0 a.m., 50 views

RHEL 6 : firefox (RHSA-2018:1414)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1414 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

9.8 CVSS, 8 AI score, 0.21288 EPSS
Exploits 4, References 22

Tenable Nessus
added 2018/05/15 12:0 a.m., 40 views

Oracle Linux 6 : firefox (ELSA-2018-1414)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-1414 advisory. 52.8.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper...

9.8 CVSS, 7.7 AI score, 0.21288 EPSS
Exploits 4, References 10