2875 matches found
openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Task Manager module of the VitalPBX unified communication system allows a hacker to execute arbitrary commands.
The vulnerability of the Task Manager module of the VitalPBX unified communication system is related to errors in access control due to insufficient protection of service data during script processing from the /var/lib/vitalpbx directory. Exploiting this vulnerability allows a remote attacker to...
External Control Of Filename
phenx/php-svg-lib is vulnerable to External Control of Filename. The vulnerability is due to insecure handling of inline CSS font definitions, allowing an attacker to deserialize a PHAR file through the phar:// URL handler. Note that remote code execution is only possible on PHP versions less the...
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerability (USN-6650-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6650-1 advisory. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local...
GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of a inline CSS font defined, that will be used by Cpdf to open a font will be passed to a fileexists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
CVE-2024-25828
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/templateadmin.php...
CVE-2024-25828
CMSEasy v7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. From the documents: vulnerable component is the file lib/admin/template_admin.php; impact is arbitrary file deletion with no confidentiality impact but potential integrity/availability effects; attack v...
php-svg-lib lacks path validation on font through SVG inline styles
Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP href, 0, 7 === "phar://" || $this-document-allowExternalReferences === false && \strtolower\substr$this-href, 0, 5 !== "data:" unset$style"font-family"; PoC Parsing the following SVG...
DEBIAN-CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
Design/Logic Flaw
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
CVE-2024-25117
php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...
PT-2024-4034 · Unknown · Php-Svg-Lib
Name of the Vulnerable Software and Affected Versions: php-svg-lib versions prior to 0.5.2 Description: The issue is related to the failure of php-svg-lib to validate that the font-family does not contain a PHAR url, which may lead to remote code execution RCE on PHP versions less than 8.0...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2024-25165
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex...
CVE-2024-25165
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex...