124 matches found

OSV
added 2024/03/27 5:15 p.m. · 0 views

UBUNTU-CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

7.5 CVSS · 6.7 AI score · 0.01064 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/11/14 12:0 a.m. · 4 views

PT-2023-30328 · Typo3 · Typo3/Html-Sanitizer

Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 1.5.3; typo3/html-sanitizer versions prior to 2.1.4. Description: The issue arises from incorrect handling of DOM processing instructions, allowing bypassing of the cross-site scripting mechanism of...

6.1 CVSS · 5.9 AI score · 0.00563 EPSS
Exploits 1 · References 10
OSV
added 2023/10/31 4:15 p.m. · 0 views

UBUNTU-CVE-2023-46250

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

5.5 CVSS · 7.2 AI score · 0.00089 EPSS
Exploits 0 · References 6
NVD
added 2023/10/19 5:15 p.m. · 10 views

CVE-2023-35126

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, whic...

7.8 CVSS · 7.9 AI score · 0.00158 EPSS
Exploits 1 · References 3
CVE
added 2023/10/19 4:2 p.m. · 44 views

CVE-2023-35126

CVE-2023-35126 affects JustSystems Ichitaro 2023 where the vulnerability resides in the parsing of the DocumentViewStyles and DocumentEditStyles streams (record type 0x2008). The root cause is an out-of-bounds index into a 6-element lv_objects array used during readStyleType(2008), which enables ...

7.8 CVSS · 8 AI score · 0.00158 EPSS
Exploits 1 · References 3 · Affected Software 19
OSV
added 2023/10/17 11:40 a.m. · 1 views

USN-6433-1 ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code...

8.8 CVSS · 5.9 AI score · 0.21677 EPSS
Exploits 0 · References 2
Redos
added 2023/09/12 12:0 a.m. · 25 views

ROS-20230911-05

Vulnerability in the document processing, conversion and generation software suite Ghostscript exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by using t...

7.8 CVSS · 7.2 AI score · 0.06431 EPSS
Exploits 3
OSV
added 2023/09/02 11:5 a.m. · 2 views

OESA-2023-1561 poppler security update

poppler is a PDF rendering library. Security Fixes: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. (CVE-2020-23804) In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a...

7.5 CVSS · 6.9 AI score · 0.00301 EPSS
Exploits 5 · References 6
Redos
added 2023/04/14 12:0 a.m. · 19 views

ROS-20230414-01

A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in the case when the write buffer is underfilled by one byte and then a shielded...

9.8 CVSS · 9.3 AI score · 0.30764 EPSS
Exploits 1
Positive Technologies
added 2022/07/27 12:0 a.m. · 3 views

PT-2022-11609 · Unknown · Visam Vbase

Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6. Description: The issue arises when VISAM VBASE processes an XML document containing XML entities with URIs that resolve to documents outside of the intended sphere of control. This causes the product to embed...

7.5 CVSS · 7.8 AI score · 0.00189 EPSS
Exploits 0 · References 3
CNNVD
added 2022/07/13 12:0 a.m. · 1 views

Adobe Acrobat and Adobe Reader buffer error vulnerability

Adobe Acrobat and Adobe Reader are both products of Adobe, a United States company. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader have a buffer overflow vulnerability, the...

7.8 CVSS · 6.5 AI score · 0.00226 EPSS
Exploits 0 · References 5
CNNVD
added 2022/07/13 12:0 a.m. · 1 views

Adobe Acrobat and Adobe Acrobat Reader buffer error vulnerability

Adobe Acrobat and Adobe Acrobat Reader are both products of Adobe, a United States company. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Adobe Acrobat and Adobe Reader have a buffer overfl...

5.5 CVSS · 6.1 AI score · 0.00172 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/03/28 9:49 a.m. · 1 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8 CVSS · 7.5 AI score · 0.11027 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/03/14 10:7 a.m. · 2 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8 CVSS · 7.5 AI score · 0.11027 EPSS
Exploits 0 · References 5
NCSC
added 2021/12/10 12:0 a.m. · 1 views

Vulnerabilities fixed in Autodesk products

Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. Exploitation requires a malicious party to trick a user into opening a rogue file. The vulnerabilities are in two modules...

7.8 CVSS · 7.2 AI score · 0.00418 EPSS
Exploits 0
Veracode
added 2021/10/07 4:20 a.m. · 13 views

Remote Code Execution (RCE)

ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...

9.8 CVSS · 3.6 AI score · 0.0176 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2021/10/06 5:48 p.m. · 11 views

GHSA-VMFH-C547-V45H Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

9.8 CVSS · 9.8 AI score · 0.0176 EPSS
Exploits 0 · References 6
Github Security Blog
added 2021/10/06 5:48 p.m. · 37 views

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

9.8 CVSS · 9.6 AI score · 0.0176 EPSS
Exploits 0 · References 5 · Affected Software 1
RubySec
added 2021/10/06 12:0 a.m. · 18 views

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

9.8 CVSS · 7.3 AI score · 0.0176 EPSS
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2021/09/22 12:0 a.m. · 157 views

OpenCats 0.9.4-2 XML Injection

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE); Date: 2021-09-20; Exploit Author: Jake Ruston; Vendor Homepage: https://opencats.org; Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip; Version: w:document...

7.5 CVSS · 7.6 AI score · 0.41267 EPSS
Exploits 3