
324 matches found

Debian CVE
added 2022/09/25 12:0 a.m. | 29 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

CVSS 7.5 | AI score 7.5 | EPSS 0.04057
Exploits: 3

Friends Of PHP
added 2022/09/22 1:54 p.m. | 21 views

Remote file inclusion

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

CVSS 7.5 | AI score 7.5 | EPSS 0.04057
Exploits: 3 | Affected Software: 1

OSV
added 2022/07/27 5:3 p.m. | 4 views

DRUPAL-CONTRIB-2022-050

This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...

AI score 6.9
Exploits: 0 | References: 1

Drupal
added 2022/07/27 12:0 a.m. | 17 views

PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050

This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...

AI score 6.7
Exploits: 0 | References: 8

Veracode
added 2022/07/19 8:37 a.m. | 30 views

Information Disclosure

dompdf/dompdf is vulnerable to information disclosure. The vulnerability exists because the resource URI validations are not properly handled which allows an attacker to bypass chroot checks and gain access to image files in the system...

CVSS 5.3 | AI score 5.3 | EPSS 0.00913
Exploits: 1 | References: 5 | Affected Software: 2

Github Security Blog
added 2022/07/19 12:0 a.m. | 32 views

Dompdf before v2.0.0 vulnerable to chroot check bypass

Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files...

CVSS 5.3 | AI score 3.2 | EPSS 0.00913
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2022/07/19 12:0 a.m. | 258 views

GHSA-5QJ8-6XXJ-HP9H Dompdf before v2.0.0 vulnerable to chroot check bypass

Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files...

CVSS 5.3 | AI score 6.8 | EPSS 0.00913
Exploits: 1 | References: 5

ATTACKERKB
added 2022/07/18 3:15 p.m. | 3 views

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00913
Exploits: 1 | References: 4

OSV
added 2022/07/18 3:15 p.m. | 2 views

DEBIAN-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 7.1 | EPSS 0.00913
Exploits: 1 | References: 1

UbuntuCve
added 2022/07/18 3:15 p.m. | 35 views

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 6.8 | EPSS 0.00913
Exploits: 1 | References: 5

OSV
added 2022/07/18 3:15 p.m. | 1 views

UBUNTU-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 6.8 | EPSS 0.00913
Exploits: 1 | References: 6

CNNVD
added 2022/07/18 12:0 a.m. | 7 views

Dompdf security vulnerability

Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.0, which originates from an externally controlled filename or path...

CVSS 5.3 | AI score 7.3 | EPSS 0.00913
Exploits: 1 | References: 8

CVE
added 2022/07/18 12:0 a.m. | 95 views

CVE-2022-2400

CVE-2022-2400 affects php-dompdf prior to 2.0.0, with Debian/Ubuntu advisories (DLA-4427-1, USN-6277-1/2) documenting a vulnerability where external control of the file name/path could bypass access checks. Debian 11 fix: upgrade to 0.6.2+dfsg-3.1+deb11u1; Ubuntu advisories reference correspondin...

CVSS 5.3 | AI score 5.6 | EPSS 0.00913
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2022/07/18 12:0 a.m. | 26 views

CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00913
Exploits: 1 | References: 3

Positive Technologies
added 2022/07/18 12:0 a.m. | 3 views

PT-2022-16401

Name of the Vulnerable Software and Affected Versions: dompdf versions prior to 2.0.0. Description: The issue concerns a chroot check bypass that could lead to the disclosure of png and jpeg files. It allows for external control of file name or path in the GitHub repository dompdf/dompdf...

CVSS 9.8 | AI score 8 | EPSS 0.04556
Exploits: 2 | References: 35

OSV
added 2022/07/18 12:0 a.m. | 16 views

CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 7.5 | EPSS 0.00913
Exploits: 1 | References: 5

Debian CVE
added 2022/07/18 12:0 a.m. | 28 views

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 6.5 | EPSS 0.00913
Exploits: 1

OSV
added 2022/07/13 3:44 p.m. | 3 views

DRUPAL-CONTRIB-2022-048

This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf Note on 3rd party vulnerabilities This security advisory corresponds to a 3rd party...

AI score 7
Exploits: 0 | References: 1

Drupal
added 2022/07/13 12:0 a.m. | 17 views

Entity Print - Moderately critical - Multiple: Remote Code Execution, Information disclosure - SA-CONTRIB-2022-048

This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf 2.0.0 See the library release notes for more detail:...

AI score 6.6
Exploits: 0 | References: 10

Github Security Blog
added 2022/06/29 12:0 a.m. | 28 views

Server-Side Request Forgery in dompdf/dompdf

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 2.9 | EPSS 0.00953
Exploits: 1 | References: 5 | Affected Software: 1