87 matches found
Siemens Teamcenter PDF.js Arbitrary Code Execution (SSA-827383)
The version of Siemens Teamcenter installed on the remote host is affected by a vulnerability: - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. CVE-2024-4367 Note that Nessus has not tested for this issue but has...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js...
Security Bulletin: IBM ICCSAP cross site scripting vulnerablity fix.
Summary Vulnerability were disclosed part of Cross Site Scripting With PDF Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126,...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
CVE-2024-4367 POC for PDF.js POC for PDF.js' CVE-2024-4367 vu...
TencentOS Server 3: firefox (TSSA-2024:0240)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0240 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
!IMPORTANT This repository is designed for learning about vu...
Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
Exploit Title: Firefox ESR 115.11 - Arbitrary JavaScript execution in PDF.js Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367]
Summary Potential Mozilla Firefox arbitrary code execution vulnerability CVE-2024-4367 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-436...
Atlassian Confluence 3.0.x < 7.19.25 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-98205)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98205 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...
openSUSE Security Advisory (SUSE-SU-2024:1858-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress DearFlip Plugin <= 2.2.55 is vulnerable to Cross Site Scripting (XSS)
Software DearFlip Type Plugin Vulnerable versions = 2.2.55 Fixed in 2.2.56 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8b20eae5d21 Credits m3ez Required...
Debian dsa-5742 : odoo-14 - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5742 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5742-1 [email protected] https://www.debian.org/security/...
WordPress PDF Viewer for Elementor Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS)
Software PDF Viewer for Elementor Type Plugin Vulnerable versions = 2.9.3 Fixed in N/A OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 769c101f6b45 Credits Yudistira...
WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Software EmbedPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 86a2108fb08b Credits Yudistira Arya Required privilege...
WordPress PDF.js Viewer Plugin <= 2.1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software PDF.js Viewer Type Plugin Vulnerable versions = 2.1.8.1 Fixed in 2.2 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8e9d442ad86 Credits Yudistira Arya...
WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)
Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...
WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)
Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...
WordPress Wonder PDF Embed Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)
Software Wonder PDF Embed Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 563e16943dd0 Credits Yudistira Arya Required privilege Author...
RLSA-2024:3783 Moderate: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...
RLSA-2024:3784 Moderate: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...