10 matches found
CVE-2024-25696 Stored XSS in Portal for ArcGIS
There is a cross-site scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link that, when the page editor is accessed, causes an image to render in the victim’s browser. The privileges required to execute this attack...
CVE-2024-25696
CVE-2024-25696 is a cross-site scripting vulnerability in Esri Portal for ArcGIS affecting versions 11.0 and earlier. An attacker with remote access and high privileges (authenticated) can construct a link that causes the page editor to render an image in the victim’s browser, implying a stored/r...
OESA-2023-1489 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before...
OESA-2023-1387 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established,...
SUSE CVE-2020-16304
A buffer overflow vulnerability in image_render_color_thresh in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51...
OSV-2022-177 UNKNOWN READ in gx_dc_default_fill_masked
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44855 Crash type: UNKNOWN READ Crash state: gx_dc_default_fill_masked copy_portrait image_render_simple...
A vulnerability in the image_render_color_thresh() function (base/gxicolor.c) of Ghostscript, software for processing, transforming, and generating documents, allows an attacker to trigger a service failure.
The vulnerability in the image_render_color_thresh function (base/gxicolor.c) of Ghostscript, software for processing, transforming, and generating documents, is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Artifex Software Ghostscript Buffer Overflow Vulnerability (CNVD-2020-46256)
Artifex Software Ghostscript is an open source parser for PostScript, a page description language and programming language used in the electronics industry and desktop publishing, from Artifex Software, Inc. The product can display PostScript files as well as print PostScript files on non-PostScrip...
ALPINE-CVE-2020-16304
A buffer overflow vulnerability in image_render_color_thresh in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51...
DEBIAN-CVE-2020-16304
A buffer overflow vulnerability in image_render_color_thresh in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51...