Lucene search
+L

35 matches found

redhat
redhat
added 2026/06/30 6:58 a.m.6 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
redhat
redhat
added 2026/06/29 5:50 p.m.7 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
osv
osv
added 2026/06/25 6:0 a.m.4 views

RLSA-2026:28998 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

7.8CVSS5.9AI score0.00529EPSS
Exploits1References2
nessus
nessus
added 2026/06/25 12:0 a.m.10 views

AlmaLinux 8 : evince (ALSA-2026:28998)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References3
nessus
nessus
added 2026/06/25 12:0 a.m.7 views

RockyLinux 8 : evince (RLSA-2026:28998)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References3
rocky
rocky
added 2026/06/24 12:3 p.m.11 views

evince security update

An update is available for evince. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evince packages provide a simple multi-page document viewer for Portable...

8.4CVSS5.9AI score0.00529EPSS
Exploits1
osv
osv
added 2026/06/24 12:0 a.m.6 views

ALSA-2026:28998 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References4
redhat
redhat
added 2026/06/22 11:15 a.m.8 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References2
osv
osv
added 2026/06/22 12:0 a.m.5 views

ALSA-2026:27819 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References4
nessus
nessus
added 2026/06/22 12:0 a.m.9 views

RHEL 9 : evince (RHSA-2026:27819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27819 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

8.4CVSS6AI score0.00529EPSS
Exploits1References4
almalinux
almalinux
added 2026/06/22 12:0 a.m.5 views

Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References4
osv
osv
added 2026/05/22 1:16 p.m.12 views

USN-8295-1 evince vulnerability

It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...

8.4CVSS6.1AI score0.00529EPSS
Exploits1References2
ubuntu
ubuntu
added 2026/05/22 1:16 p.m.19 views

USN-8295-1: Evince vulnerability

It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...

8.4CVSS6.1AI score0.00529EPSS
Exploits1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13758

Malware in sbrugna...

9.8CVSS9.2AI score0.02232EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-13755

Malware in sbrugna...

5.3CVSS5.6AI score0.00817EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 8:11 a.m.9 views

CVE-2018-21237

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action...

5.3CVSS6.9AI score0.00817EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:9 a.m.11 views

CVE-2018-21239

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action...

5.3CVSS6.9AI score0.00817EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:48 a.m.8 views

CVE-2018-21242

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action...

9.8CVSS7.6AI score0.02232EPSS
Exploits0References1
cnvd
cnvd
added 2020/06/05 12:0 a.m.3 views

Foxit PhantomPDF Information Disclosure Vulnerability (CNVD-2020-32466)

Foxit PhantomPDF is China's Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.6. The vulnerability can be exploited by remote attackers to execute code via GoToE or GoToR operations...

9.8CVSS7.4AI score0.02232EPSS
Exploits0References1
cnvd
cnvd
added 2020/06/05 12:0 a.m.4 views

Foxit PhantomPDF NTLM Credential Stealing Vulnerability

Foxit PhantomPDF is China Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.7. The vulnerability can be exploited to obtain NTLM credentials through GoToE or GoToR operations...

5.3CVSS6.8AI score0.00817EPSS
Exploits0References1
Rows per page
Query Builder