220 matches found
Mageia: Security Advisory (MGASA-2025-0059)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated php-tcpdf packages fix security vulnerabilities
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...
MGASA-2025-0059 Updated php-tcpdf packages fix security vulnerabilities
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. CVE-2024-56519 An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. CVE-2024-56521 An issue was discovered in...
PT-2025-02: Access to files or directories to external paties in TCPDF
The vulnerability was identified in TCPDF, version 6.8.0. The discovered vulnerability allows an attacker to transmit a specially created HTML file containing an image in Base64 format. Using the specified payload, the attacker can access an arbitrary image outside of the directory. Vulnerability...
Cross-Site Scripting (XSS)
tecnickcom/tcpdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the Error function lacking an htmlspecialchars call for the error message, which allows an attacker to inject malicious scripts into the error message...
Unsafe SSL Verification
tecnickcom/tcpdf is vulnerable to Unsafe SSL verification. The vulnerability is due to improper handling of SSL verification settings in TCPDF when using libcurl, where CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely. It allows an attacker to perform a Man-in-the-Middle MitM attack...
Fedora 41 : php-tcpdf (2024-7d6412477b)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7d6412477b advisory. Version 6.8.0 2024-12-23 - Requires PHP 7.1+ and curl extension. - Escape error message. - Use strict time-constant function to compare TCPDF-tag...
Fedora 40 : php-tcpdf (2024-d6b0e72e3d)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d6b0e72e3d advisory. Version 6.8.0 2024-12-23 - Requires PHP 7.1+ and curl extension. - Escape error message. - Use strict time-constant function to compare TCPDF-tag...
TCPDF has incorrect comparison
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
TCPDF missing character escape on error messages
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
GHSA-QX95-CWH6-9MVQ TCPDF missing character escape on error messages
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
GHSA-W95C-7994-GHPR TCPDF has incorrect comparison
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
TCPDF missing certificate validation
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
TCPDF lacks SVG sanitization
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
GHSA-4P8J-VHJM-6PVW TCPDF lacks SVG sanitization
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...
GHSA-9MGX-552F-59P6 TCPDF missing certificate validation
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
DEBIAN-CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
UBUNTU-CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...