CVE-2023-48302
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the...
CVE-2023-37908
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
CVE-2023-32763
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered...
CVE-2023-32070
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...
[SECURITY] Fedora 42 Update: ghostscript-10.05.1-1.fc42
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...
CVE-2023-1709
Datalogics Library APDFL v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process...
CVE-2025-5099
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution...
Malicious code in node-window-rendering (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware befb1266ed27dcb7e09a8725163d0f8ca44b89e36ee02b3bc3bf904d312e230a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4382 Malicious code in node-window-rendering (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware befb1266ed27dcb7e09a8725163d0f8ca44b89e36ee02b3bc3bf904d312e230a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-36037
Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
CVE-2025-5099 KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution...
CVE-2025-5099
CVE-2025-5099 affects Mobile Dynamix PrinterShare Mobile Print (Android). The KoreLogic advisory KL-001-2025-004 states an Out-of-Bounds Write in the native library during PDF rendering (libpdfrender.so) can cause memory corruption and potentially arbitrary code execution. Affected version: up to...
CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3...
Mobile Dynamix PrinterShare Mobile Print Security Vulnerability
Foxit PDF Reader is a software for reading and working with PDF documents. A memory corruption vulnerability exists in Foxit PDF Reader. The vulnerability stems from an out-of-bounds write to the native library when attempting PDF rendering, resulting in memory corruption. An attacker can exploit...
PT-2025-22572 · Mobile Dynamix · Printershare Mobile Print
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Recommendations: A...
The vulnerability of the panthor_ioctl_groupdestroy() function in the DRI driver of the Linux operating system allows a malicious actor to cause a service failure.
The vulnerability of the panthor_ioctl_groupdestroy() function in the DRI driver of the Linux operating system’s kernel is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CalculateSwathAndDETConfiguration() function in the DRI driver for AMD GPU-based Linux operating systems allows a malicious actor to trigger a service failure.
The vulnerability of the CalculateSwathAndDETConfiguration function in the DRI driver for AMD kernel-based Linux operating systems is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the resource_log_pipe_topology_update() function in the DRI driver for AMD GPU-based Linux operating system allows a malicious actor to trigger a service failure.
The vulnerability of the resource_log_pipe_topology_update() function in the Direct Rendering Infrastructure (DRI) driver for AMD graphics cards in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `acquire_otg_master_pipe_for_stream()` function in the DRI support driver for AMD graphics cards in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the acquire_otg_master_pipe_for_stream() function in the DRI support driver for AMD graphics cards in Linux operating systems is related to a countable amount of significance loss. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the pvr_vm_gpuva_unmap() function in the DRI driver of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the pvr_vm_gpuva_unmap() function in the DRI support driver for the Linux kernel relates to improper memory release before deleting the last pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...