Lucene search
K

313 matches found

OSV
OSV
added 2022/11/08 12:0 a.m.28 views

ALSA-2022:7594 Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: A logic error in the Hints::Hints function can cause denial of service CVE-2022-27337 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS6.8AI score0.01547EPSS
Exploits1References4
Fedora
Fedora
added 2022/10/10 12:18 a.m.42 views

[SECURITY] Fedora 37 Update: poppler-22.08.0-2.fc37

poppler is a PDF rendering library...

7.8CVSS7.5AI score0.00574EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/10/10 12:0 a.m.28 views

Fedora: Security Advisory for poppler (FEDORA-2022-fcb3b063a6)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.7AI score0.00574EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/10/08 12:0 a.m.32 views

Fedora: Security Advisory for poppler (FEDORA-2022-f79aa2bae9)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.7AI score0.00574EPSS
Exploits1References2
Fedora
Fedora
added 2022/10/07 3:57 p.m.36 views

[SECURITY] Fedora 36 Update: poppler-22.01.0-6.fc36

poppler is a PDF rendering library...

7.8CVSS2.3AI score0.00574EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.46 views

Poppler: Arbitrary Code Execution

Background Poppler is a PDF rendering library based on the xpdf-3.0 code base. Description Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact Processing a specially crafted PDF file or JBIG2 image could lead to a crash ...

7.8CVSS8.4AI score0.75994EPSS
Exploits3
OpenVAS
OpenVAS
added 2022/09/26 12:0 a.m.26 views

Debian: Security Advisory (DLA-3120-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.02682EPSS
Exploits7References4
Ubuntu
Ubuntu
added 2022/09/14 11:9 p.m.31 views

USN-5606-2: poppler regression

USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a commit to fix it properly. This update provides the corresponding fix for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2022/09/12 6:25 p.m.71 views

USN-5606-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

7.8CVSS8.3AI score0.00574EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/09/08 12:0 a.m.25 views

Debian: Security Advisory (DSA-5224-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.01547EPSS
Exploits2References4
Debian
Debian
added 2022/09/06 7:32 p.m.45 views

[SECURITY] [DSA 5224-1] poppler security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5224-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 06, 2022 https://www.debian.org/security/faq -...

7.8CVSS8.4AI score0.01547EPSS
Exploits2
0day.today
0day.today
added 2022/07/31 12:0 a.m.183 views

Geonetwork 4.2.0 - XML External Entity Vulnerability

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/29 12:0 a.m.257 views

Geonetwork 4.2.0 XML Injection

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.340 views

Geonetwork 4.2.0 - XML External Entity (XXE)

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...

7.4AI score
Exploits0
NVD
NVD
added 2022/07/28 5:15 p.m.19 views

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

9.8CVSS0.01444EPSS
Exploits1References1
OSV
OSV
added 2022/07/28 5:15 p.m.5 views

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

9.8CVSS5.8AI score0.01444EPSS
Exploits1References1
Prion
Prion
added 2022/07/28 5:15 p.m.19 views

Input validation

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

7.5CVSS7.5AI score0.01444EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/28 4:33 p.m.20 views

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

9.7AI score0.01444EPSS
Exploits1References1
CVE
CVE
added 2022/07/28 4:33 p.m.46 views

CVE-2016-4991

CVE-2016-4991 affects the NodePDF tool, specifically version 1.3.0. The vulnerability arises because input passed to the Pdf() function is shell-escaped and handed to child_process.exec() during PDF rendering, and the escape does not encode all special characters (notably semicolon and curly brac...

9.8CVSS9.5AI score0.01444EPSS
Exploits1References1Affected Software1
Huntr
Huntr
added 2021/09/30 7:57 a.m.17 views

Static Code Injection in collectiveaccess/pawtucket2

Description This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...

0.2AI score
Exploits0References1
Rows per page
Query Builder