15 matches found
Debian dla-4427 : php-dompdf - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4427 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4427-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2021-3838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function...
CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
CVE-2021-3838
creationtimestamp| type| source ---|---|--- 2024-11-15 10:54:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113486597726053603 2025-12-30 16:28:13+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mb7rfvcyzk2b...
CVE-2021-3838 PHAR Deserialization in dompdf/dompdf
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
[SECURITY] [DLA 3495-2] php-dompdf regression update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-2 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès August 10, 2023 https://wiki.debian.org/LTS -...
USN-6277-2: Dompdf vulnerabilities
USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...
Ubuntu 22.04 LTS : Dompdf vulnerabilities (USN-6277-2)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6277-2 advisory. USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Tenable has extracted the preceding...
Ubuntu: Security Advisory (USN-6277-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3495 : php-dompdf - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3495 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-1 [email protected]...
[SECURITY] [DLA 3495-1] php-dompdf security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3495-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès July 13, 2023 https://wiki.debian.org/LTS -...
UBUNTU-CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
Security fix for the ALT Linux 10 package tor version 0.4.7.8-alt1
0.4.7.8-alt1 built June 20, 2022 Hihin Ruslan in task 302306 --- June 18, 2022 Hihin Ruslan - Update version - CVE-2021-3838...