251 matches found
SUSE-SU-2020:1937-1 Security update for cairo
This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leak...
WordPress Post PDF Export plugin <= 1.0.1 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability discovered by Random Robbie in WordPress Post PDF Export plugin versions <= 1.0.1. Solution: Plugin closed. Deactivate and delete...
Visma Public: HTML-injection in PDF-export leads to LFI
The researcher was able to extract contents of files using the pdf-generator in "Yearly Financial Statements". This was done by adding an IFRAME-tag inside the companyname. Once rendered in Yearly Financial Statements, it included the file the IFRAME was pointing to. In this POC it was /etc/passw...
CVE-2019-10177
It was found that the PDF export component in CloudForms was vulnerable to cross-site scripting (XSS) as user input was not properly sanitized. An authenticated attacker with privileges to edit compute could use the XSS vulnerability against users, which could lead to arbitrary code execution, and...
Red Hat CloudForms Cross-Site Scripting Vulnerability
Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. A cross-site scripting vulnerability exists in the PDF export module ...
CVE-2019-10177
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...
CVE-2019-10177
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to...
CVE-2019-10177
CloudForms (Red Hat) PDF export module in versions 5.9 and 5.10 is affected by a stored XSS due to unsanitized user input. An attacker with privileges to edit compute can trigger XSS against other users, potentially leading to arbitrary code execution and theft of the higher-privileged user’s ant...
MS16-107: Description of the security update for PowerPoint 2013: September 13, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilitie...
Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06850)
Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...
Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06849)
Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...
CVE-2015-4811
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...
Buffer overflow
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...
Buffer overflow
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...
CVE-2015-4809
CVE-2015-4809 affects Oracle Outside In Technology (PDF Export SDK) used in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2. The vulnerability is described as unspecified and local, allowing a denial of service via the Outside In PDF Export SDK. Impact is limited to availability (CVSS v2 base score 1....
CVE-2015-4809
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...
Fedora 21 : libreoffice-4.3.4.1-8.fc21 (2014-15968)
Don't create duplicate Mirrored props which can lead to creating odp files which cannot be reloaded; Fix abrt crash with NULL pView; Crash in clipboard code; Fix export to pdf of Nimbus Sans L etc when using typographical quotes etc.; Fixes for various crashes on importing malformed rtf; New bugfix...
Debian DSA-2975-1 : phpmyadmin - security update
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...
phpmyadmin security update
Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...