2269 matches found
CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution...
Artifex Ghostscript Security Vulnerability
Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript prior to version 10.04.0, which is caused by an unchecked implementation pointer in the...
CVE-2024-46951
CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...
CVE-2024-51695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...
CVE-2024-51695 WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS. This issue affects Fabrica Synced Pattern Instances: from n/a through <= 1.0.8...
CVE-2024-51695
CVE-2024-51695 describes a reflected XSS in Fabrica Synced Pattern Instances (Fabrica Synced Pattern Instances plugin) caused by improper input neutralization during web page generation. Affected: Fabrica Synced Pattern Instances from n/a through 1.0.8. The connected documents corroborate the vul...
WordPress plugin Fabrica Synced Pattern Instances Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
PT-2024-34842 · Unknown · Fabrica Synced Pattern Instances
Name of the Vulnerable Software and Affected Versions: Fabrica Synced Pattern Instances versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows Reflected XSS in Fabrica Synced...
OESA-2024-2359 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: VUL-0: CVE-2024-46951: ghostscript: Arbitrary code execution via unchecked "Implementation" pointer in "Pattern"...
OESA-2024-2358 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: VUL-0: CVE-2024-46951: ghostscript: Arbitrary code execution via unchecked "Implementation" pointer in "Pattern"...
OESA-2024-2357 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: VUL-0: CVE-2024-46951: ghostscript: Arbitrary code execution via unchecked "Implementation" pointer in "Pattern"...
OESA-2024-2356 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: VUL-0: CVE-2024-46951: ghostscript: Arbitrary code execution via unchecked "Implementation" pointer in "Pattern"...
CVE-2024-51995
Combodo iTop is affected by a logic bug in ajax.render.php that allows bypassing backOffice access control by crafting arbitrary routes, unless an allowed operation is specified. The issue is resolved in version 3.2.0 by applying the same access-control pattern used in UI.php to ajax.render.php, ...
Security update for ghostscript
This update for ghostscript fixes the following issues: CVE-2024-46951: Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space bsc1232265. CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path traversal, code...
GHSA-F3F8-VX3W-HP5Q codechecker vulnerable to authentication bypass when using specifically crafted URLs
Summary Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. Details All...
MAL-2024-10379 Malicious code in @common-pattern/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 22ade4254f9af0310378acce0750c95eaba714619e5cda80c46ca9226d3c2b22 The OpenSSF Package Analysis project identified '@common-pattern/components' @ 8.2.9 npm as malicious. It is considered malicious because: - The...
Malicious code in @common-pattern/components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 22ade4254f9af0310378acce0750c95eaba714619e5cda80c46ca9226d3c2b22 The OpenSSF Package Analysis project identified '@common-pattern/components' @ 8.2.9 npm as malicious. It is considered malicious because: - The...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab. The package...