1162 matches found
RLSA-2024:3999 Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...
CVE-2024-0845
The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
PT-2024-15862 · WordPress · Pdf Viewer For Elementor
Name of the Vulnerable Software and Affected Versions: PDF Viewer for Elementor plugin for WordPress versions up to, and including, 2.9.3 Description: The issue is related to Stored Cross-Site Scripting via the render function due to insufficient input sanitization and output escaping. This allow...
CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...
PT-2024-30907 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2 Description: The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function...
GHSA-HX3M-959F-V849 ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
ZendView is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or direct...
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
ZendView is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or direct...
GO-2024-2747 Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo...
RHEL 6 : xorg-x11-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xorg-x11-server: unvalidated lengths in RENDER extension CVE-2017-12187 - In the X.Org X server before...
RHEL 7 : xorg-x11-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xorg-x11-server: unvalidated lengths in RENDER extension CVE-2017-12187 - The ProcPutImage function in...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
GitLab 15.11 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2454)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoi...
GitLab < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2651)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
SUSE CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...