Lucene search
K

113 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:23 p.m.10 views

CVE-2019-6762

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.03484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:16 p.m.15 views

CVE-2020-8853

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.7AI score0.06004EPSS
Exploits0References1
Fedora
Fedora
added 2024/11/17 2:15 a.m.17 views

[SECURITY] Fedora 41 Update: ghostscript-10.03.1-4.fc41

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

8.4CVSS7.3AI score0.0055EPSS
Exploits0
wpexploit
wpexploit
added 2024/04/02 12:0 a.m.148 views

Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Save as Image" 2...

5.7AI score0.00266EPSS
Exploits2
Veracode
Veracode
added 2023/10/08 3:59 p.m.18 views

Denial Of Service (DoS)

ghostscript is vulnerable to Denial Of Service DoS. The vulnerability exists due to the integer overflow in the plglyphname of plfont.c, which allows an attacker to cause an application by transforming a maliciously crafted PCL file to PDF format...

5.5CVSS6.9AI score0.00343EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/08/08 6:15 p.m.12 views

Code injection

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...

1.9CVSS3.9AI score0.00249EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/08/08 5:31 p.m.25 views

CVE-2023-39342 Dangerzone CLI does not sanitize ANSI escape characters

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI dangerzone-cli command logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is...

3.6CVSS4.8AI score0.00249EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/01 12:0 a.m.4 views

Artifex Software Ghostscript Input Validation Error Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...

5.5CVSS6.6AI score0.00343EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/07/20 10:55 a.m.19 views

CVE-2023-37290 InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...

7.5CVSS7.8AI score0.00558EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/20 12:0 a.m.4 views

InfoDoc Document On-line Submission and Approval System 代码问题漏洞

The InfoDoc Document On-line Submission and Approval System is an online submission and approval system for documents from InfoDoc, Inc. The InfoDoc Document On-line Submission and Approval System is vulnerable to a code issue that originates from a Server Request Forgery SSRF vulnerability in th...

7.5CVSS7.6AI score0.00558EPSS
Exploits0References2
CNVD
CNVD
added 2023/06/30 12:0 a.m.4 views

Orangescrum cross-site scripting vulnerability (CNVD-2026-02680)

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...

7.6CVSS6.2AI score0.00576EPSS
Exploits1References1
OSV
OSV
added 2023/06/23 10:15 p.m.13 views

CVE-2023-1783

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

7.6CVSS6.8AI score0.00576EPSS
Exploits1References2
CVE
CVE
added 2023/06/23 9:55 p.m.47 views

CVE-2023-1783

OrangeScrum 2.0.11 is vulnerable to a flaw in HTML-to-PDF rendering that allows an external attacker to remotely obtain AWS instance credentials. The root cause is improper validation of HTML content during PDF conversion, leading to credentials leakage (impacting confidentiality). The most expli...

7.6CVSS6.8AI score0.00576EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.4 views

PT-2023-17241 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

7.6CVSS7.2AI score0.00576EPSS
Exploits1References5
CNVD
CNVD
added 2022/05/24 12:0 a.m.9 views

Out-of-bounds read vulnerability in multiple Adobe products (CNVD-2022-43383)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Multiple Adobe products have out-of-bounds read vulnerabilities that can be exploited by an attacker to execute arbitrary code in the...

9.3CVSS7.8AI score0.03292EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.8 views

Antenna House Office Server Document Converter 代码问题漏洞

Antenna House Office Server Document Converter Osdc is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel and Powerpoint into high quality Pdf or image formats that are easy to share and look accurate on any screen. A code issue vulnerability exist...

7.5CVSS7.4AI score0.01471EPSS
Exploits0References4
OSV
OSV
added 2021/08/26 11:15 a.m.10 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.1CVSS6.6AI score
Exploits0References3
NVD
NVD
added 2021/08/26 11:15 a.m.24 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.1CVSS0.00902EPSS
Exploits0References3
OSV
OSV
added 2021/08/26 11:15 a.m.12 views

CVE-2020-14160

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...

7.5CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2021/08/26 11:15 a.m.18 views

Server side request forgery (ssrf)

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...

5CVSS7.3AI score0.01695EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder