26 matches found
WordPress Algori PDF Viewer Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Algori PDF Viewer; Type: Plugin; Vulnerable versions: = 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2018-5158; Patch priority: Low; CVSS severity: Low (5.9); PSID: f9da283093fc; Credits: Colin Xu; Required...
Vulnerabilities fixed in Oracle Siebel CRM
Vulnerabilities have been fixed in Oracle Siebel CRM. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to sensitive data. Oracle has fixed vulnerabilities in the...
@accoio/react-pdf-highlighter (>=2.0.0 <=2.0.1), @activelylearn/react-pdf (>=2.5.0 <=2.5.2) +97 more potentially affected by CVE-2018-5158 via pdfjs-dist (>=2.0.104 <=2.0.489)
pdfjs-dist NPM version =2.0.104, =2.0.0, =2.5.0, =1.0.32, =1.2.0, =15.0.0, =6.0.0, =39.0.0, =7.0.0, =110.0.0, =7.0.0, =6.0.0, =3.0.6, =8.0.0, =9.0.0, =4.0.9, =4.2.1 and more Source cves: CVE-2018-5158 Source advisory: OSV:GHSA-7JG2-JGV3-FMR4...
Mageia: Security Advisory (MGASA-2018-0338)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2018:2298-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:1334-1)
The remote host is missing an update for the...
Nextcloud: XSS in PDF Viewer
An outdated version of PDF.js in use allows for the CVE-2018-5158 vulnerability. When the payload PDF is shown in the supplied PDF viewer, it can execute arbitrary JavaScript. I have tested the payload PDF, and it is working in Safari 13.0.5, the latest version, and Firefox 74.0, the latest...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2018-1189)
The remote host is missing an update for the Huawei EulerOS...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0130)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash...
FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)
Gitlab reports: DoS potential for regex in CI/CD refs; Related branches visible in issues for guests; Persistent XSS at merge request resolve conflicts; Improper authorization control 'move issue'; Guest users of private projects have access to releases; DoS potential on project languages page; Recuri...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DoS potential for regex in CI/CD refs; Related branches visible in issues for guests; Persistent XSS at merge request resolve conflicts; Improper authorization control "move issue"; Guest users of private projects have access to releases; DoS potential on project languages page; Recurit...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2298-1)
This update for MozillaFirefox to the 52.9 ESR release fixes the following issues: These security issues were fixed : - Firefox ESR 52.9 : - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 bsc1098998. - CVE-2018-12368 No warning when opening executable...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:1334-2)
This update for MozillaFirefox to the ESR 52.8 release fixes the following issues : Mozil to Firefox ESR 52.8 bsc1092548 Security issues fixed : MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF...
Updated iceape packages fix security vulnerability
Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.49.1 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...
CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
CentOS 7 : firefox (CESA-2018:1415)
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:1319-1)
This update for MozillaFirefox to ESR 52.8 release fixes the following issues: Update to Firefox ESR 52.8 bsc1092548 Security issues fixed : - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF...
Mozilla Firefox ESR < 52.8
The version of Firefox ESR installed on the remote Windows host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-12 advisory. - Mozilla developers backported selected changes in the Skia library to the ESR52 branch of Firefox. These changes...
RHEL 6 : firefox (RHSA-2018:1414)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1414 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Oracle Linux 6 : firefox (ELSA-2018-1414)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-1414 advisory. 52.8.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper...