6 matches found
CVE-2026-31898
Summary (CVE-2026-31898) jsPDF prior to 4.2.1 is affected by a PDF Object Injection flaw in the color parameter of createAnnotation. When unsanitized user input is passed to this API, an attacker could inject arbitrary PDF objects, including JavaScript actions, which may execute when the PDF is o...
CVE-2023-2981
A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2023-2979
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
PT-2023-22428 · Abstrium · Abstrium Pydio Cells
Name of the Vulnerable Software and Affected Versions: Abstrium Pydio Cells version 4.2.0 Description: A problematic vulnerability has been found in Abstrium Pydio Cells, affecting the component Chat. This issue leads to basic cross-site scripting and can be initiated remotely. The manipulation...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to the generic pointer 'p' pointing to an inaccessible address in the getle64 function. Remediation Upgrade upx to version 4.2.1 or higher. References - GitHub Commit - GitHub Issue Credit: 14isnot40...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. Null pointer dereference was found in upx PackLinuxElf::canUnpack in plxelf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. Remediation...