251 matches found

OSV
added 2020/07/15 9:56 p.m. | 5 views

SUSE-SU-2020:1937-1 Security update for cairo

This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leak...

CVSS 7.5 | AI score 7.6 | EPSS 0.03463
Exploits: 1 | References: 3

Patchstack
added 2020/03/24 12:0 a.m. | 35 views

WordPress Post PDF Export plugin <= 1.0.1 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress Post PDF Export plugin versions <= 1.0.1. Solution: Plugin closed. Deactivate and delete...

CVSS 6.8 | AI score 2.4 | EPSS 0.39374
Exploits: 6 | References: 2 | Affected Software: 1

Hacker One
added 2020/03/03 6:28 p.m. | 287 views

Visma Public: HTML-injection in PDF-export leads to LFI

The researcher was able to extract contents of files using the pdf-generator in "Yearly Financial Statements". This was done by adding an IFRAME-tag inside the companyname. Once rendered in Yearly Financial Statements, it included the file the IFRAME was pointing to. In this POC it was /etc/passw...

AI score 2.8
Exploits: 0

RedhatCVE
added 2019/10/12 2:25 a.m. | 40 views

CVE-2019-10177

It was found that the PDF export component in CloudForms was vulnerable to cross-site scripting (XSS) as user input was not properly sanitized. An authenticated attacker with privileges to edit compute could use the XSS vulnerability against users, which could lead to arbitrary code execution, and...

CVSS 6.5 | AI score 3.2 | EPSS 0.0096
Exploits: 0 | References: 3

CNVD
added 2019/06/28 12:0 a.m. | 3 views

Red Hat CloudForms Cross-Site Scripting Vulnerability

Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. A cross-site scripting vulnerability exists in the PDF export module ...

CVSS 6.5 | AI score 6.2 | EPSS 0.0096
Exploits: 0 | References: 1

NVD
added 2019/06/27 9:15 p.m. | 22 views

CVE-2019-10177

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...

CVSS 6.5 | AI score 6.3 | EPSS 0.0096
Exploits: 0 | References: 2

Prion
added 2019/06/27 9:15 p.m. | 21 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...

CVSS 6 | AI score 6.3 | EPSS 0.0096
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/27 8:50 p.m. | 23 views

CVE-2019-10177

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...

CVSS 6.5 | AI score 6.3 | EPSS 0.0096
Exploits: 0 | References: 2

CVE
added 2019/06/27 8:50 p.m. | 76 views

CVE-2019-10177

CloudForms (Red Hat) PDF export module in versions 5.9 and 5.10 is affected by a stored XSS due to unsanitized user input. An attacker with privileges to edit compute can trigger XSS against other users, potentially leading to arbitrary code execution and theft of the higher-privileged user’s ant...

CVSS 6.5 | AI score 6.2 | EPSS 0.0096
Exploits: 0 | References: 2 | Affected Software: 1

Microsoft KB
added 2016/09/13 7:0 a.m. | 40 views

MS16-107: Description of the security update for PowerPoint 2013: September 13, 2016

MS16-107: Description of the security update for PowerPoint 2013: September 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilitie...

CVSS 9.3 | AI score 7.7 | EPSS 0.17235
Exploits: 0

CNVD
added 2015/10/22 12:0 a.m. | 2 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06850)

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...

CVSS 1.5 | AI score 6.6 | EPSS 0.00328
Exploits: 0 | References: 1

CNVD
added 2015/10/22 12:0 a.m. | 4 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06849)

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...

CVSS 1.5 | AI score 6.5 | EPSS 0.00335
Exploits: 0 | References: 1

NVD
added 2015/10/21 9:59 p.m. | 24 views

CVE-2015-4811

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...

CVSS 1.5 | AI score 5.4 | EPSS 0.00328
Exploits: 0 | References: 3

Prion
added 2015/10/21 9:59 p.m. | 18 views

Buffer overflow

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...

CVSS 1.5 | AI score 5.6 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2015/10/21 9:59 p.m. | 18 views

Buffer overflow

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...

CVSS 1.5 | AI score 5.6 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2015/10/21 9:0 p.m. | 56 views

CVE-2015-4809

CVE-2015-4809 affects Oracle Outside In Technology (PDF Export SDK) used in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2. The vulnerability is described as unspecified and local, allowing a denial of service via the Outside In PDF Export SDK. Impact is limited to availability (CVSS v2 base score 1....

CVSS 1.5 | AI score 5.5 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2015/10/21 9:0 p.m. | 28 views

CVE-2015-4809

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...

AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 3

Tenable Nessus
added 2014/12/07 12:0 a.m. | 20 views

Fedora 21 : libreoffice-4.3.4.1-8.fc21 (2014-15968)

Don't create duplicate Mirrored props which can lead to creating odp files which cannot be reloaded Fix abrt crash with NULL pView Crash in clipboard code Fix export to pdf of Nimbus Sans L etc when using typographical quotes etc. Fixes for various crashes on importing malformed rtf New bugfix...

AI score 5.6
Exploits: 0 | References: 3

Tenable Nessus
added 2014/07/10 12:0 a.m. | 35 views

Debian DSA-2975-1 : phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...

CVSS 6.5 | AI score 7.3 | EPSS 0.01832
Exploits: 1 | References: 12

Debian
added 2014/07/09 7:24 p.m. | 40 views

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

CVSS 6.5 | AI score 2.9 | EPSS 0.08753
Exploits: 7