Lucene search
+L

220 matches found

OpenVAS
OpenVAS
added 2025/02/13 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2025-0059)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.00752EPSS
Exploits1References4
Mageia
Mageia
added 2025/02/12 9:31 p.m.37 views

Updated php-tcpdf packages fix security vulnerabilities

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...

9.8CVSS6.8AI score0.00752EPSS
Exploits1References2
OSV
OSV
added 2025/02/12 9:31 p.m.11 views

MGASA-2025-0059 Updated php-tcpdf packages fix security vulnerabilities

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...

9.8CVSS7.3AI score0.00752EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.8 views

PT-2025-02: Access to files or directories to external paties in TCPDF

The vulnerability was identified in TCPDF, version 6.8.0. The discovered vulnerability allows an attacker to transmit a specially created HTML file containing an image in Base64 format. Using the specified payload, the attacker can access an arbitrary image outside of the directory. Vulnerability...

6.9CVSS7.1AI score
Exploits0
Veracode
Veracode
added 2025/01/08 8:36 a.m.12 views

Cross-Site Scripting (XSS)

tecnickcom/tcpdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...

7.5CVSS6.6AI score0.00752EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2025/01/08 1:50 a.m.15 views

Unsafe SSL Verification

tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle MitM attack...

9.8CVSS7AI score0.00748EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.14 views

Fedora 41 : php-tcpdf (2024-7d6412477b)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7d6412477b advisory. Version 6.8.0 2024-12-23 - Requires PHP 7.1+ and curl extension. - Escape error message. - Use strict time-constant function to compare TCPDF-tag...

9.8CVSS5.7AI score0.00752EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.16 views

Fedora 40 : php-tcpdf (2024-d6b0e72e3d)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d6b0e72e3d advisory. Version 6.8.0 2024-12-23 - Requires PHP 7.1+ and curl extension. - Escape error message. - Use strict time-constant function to compare TCPDF-tag...

9.8CVSS5.7AI score0.00752EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/12/27 6:30 a.m.28 views

TCPDF has incorrect comparison

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS6.8AI score0.00615EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/27 6:30 a.m.28 views

TCPDF missing character escape on error messages

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS6.9AI score0.00752EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2024/12/27 6:30 a.m.12 views

GHSA-QX95-CWH6-9MVQ TCPDF missing character escape on error messages

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

4.8CVSS7.4AI score0.00752EPSS
Exploits1References7
OSV
OSV
added 2024/12/27 6:30 a.m.13 views

GHSA-W95C-7994-GHPR TCPDF has incorrect comparison

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS7.3AI score0.00615EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/12/27 6:30 a.m.20 views

TCPDF missing certificate validation

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS6.9AI score0.00748EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/27 6:30 a.m.22 views

TCPDF lacks SVG sanitization

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS6.8AI score0.00624EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/12/27 6:30 a.m.14 views

GHSA-4P8J-VHJM-6PVW TCPDF lacks SVG sanitization

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

5.3CVSS7.4AI score0.00624EPSS
Exploits0References6
OSV
OSV
added 2024/12/27 6:30 a.m.15 views

GHSA-9MGX-552F-59P6 TCPDF missing certificate validation

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

8.2CVSS7.4AI score0.00748EPSS
Exploits0References5
NVD
NVD
added 2024/12/27 6:15 a.m.16 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS0.00752EPSS
Exploits1References5
OSV
OSV
added 2024/12/27 6:15 a.m.2 views

DEBIAN-CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS5.2AI score0.00752EPSS
Exploits1References1
OSV
OSV
added 2024/12/27 6:15 a.m.6 views

UBUNTU-CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS5.8AI score0.00752EPSS
Exploits1References6
NVD
NVD
added 2024/12/27 5:15 a.m.14 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS0.00615EPSS
Exploits0References5
Rows per page
Query Builder