
54 matches found

NVD
added 2018/12/17 7:29 a.m. | 18 views

CVE-2017-18352

Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs...

6.1 CVSS | 6 AI score | 0.00588 EPSS
Exploits 1 | References 3

Prion
added 2018/12/17 7:29 a.m. | 16 views

Code injection

Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files...

5 CVSS | 7.4 AI score | 0.01089 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2018/12/17 7:29 a.m. | 28 views

CVE-2017-18353

Rendertron 1.0.0 includes an _ah/stop route to shut down the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

7.5 CVSS | 6.8 AI score
Exploits 0 | References 3

OSV
added 2018/12/17 7:29 a.m. | 17 views

CVE-2017-18355

Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files...

7.5 CVSS | 6.8 AI score
Exploits 0 | References 3

CVE
added 2018/12/17 6:0 a.m. | 55 views

CVE-2017-18354

Rendertron 1.0.0 is affected by a Local File Inclusion (LFI) vulnerability triggered by using alternative protocols such as file://, enabling remote attackers to read arbitrary local files. Technical details on affected components, exploit vectors, and fixes are not provided in the connected docu...

7.5 CVSS | 7.4 AI score | 0.01199 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2018/12/17 6:0 a.m. | 29 views

CVE-2017-18353

Rendertron 1.0.0 includes an _ah/stop route to shut down the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

7.4 AI score | 0.01151 EPSS
Exploits 1 | References 3

CVE
added 2018/12/17 6:0 a.m. | 59 views

CVE-2017-18353

Rendertron 1.0.0 exposes an unauthenticated HTTP GET endpoint at _ah/stop that shuts down the Chrome instance handling render requests. Several linked advisories (SUSE CVE entry, GHSA advisory, OSV/OSVDB) and CNVD entries confirm this route allows any unauthorized remote attacker to disable the c...

7.5 CVSS | 7.4 AI score | 0.01151 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2018/12/17 6:0 a.m. | 69 views

CVE-2017-18355

CVE-2017-18355 affects Rendertron 1.0.0. The issue allows remote attackers to disclose server file paths by inspecting the '_where' attribute of package.json files in node_modules, effectively enabling absolute path disclosure. The description and connected sources consistently describe this expo...

7.5 CVSS | 7.4 AI score | 0.01089 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2018/12/17 6:0 a.m. | 61 views

CVE-2017-18352

CVE-2017-18352 affects Rendertron 1.0.0, where error reporting enables reflected XSS via invalid URLs. An attacker could lure a user to view a crafted URL to trigger script execution in the victim’s browser. The documents confirm the vulnerability and reference related patches/issues, but do not ...

6.1 CVSS | 6 AI score | 0.00588 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2018/12/17 6:0 a.m. | 24 views

CVE-2017-18352

Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs...

6 AI score | 0.00588 EPSS
Exploits 1 | References 3

Cvelist
added 2018/12/17 6:0 a.m. | 31 views

CVE-2017-18354

Rendertron 1.0.0 allows for alternative protocols such as 'file://', introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker...

7.5 AI score | 0.01199 EPSS
Exploits 1 | References 3

CNVD
added 2018/12/17 12:0 a.m. | 2 views

Rendertron Local File Inclusion Vulnerability

Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Rendertron 1.0.0 suffers from a local file inclusion vulnerability that can be exploited by remote attackers to read arbitrary files via an alternate protocol...

7.5 CVSS | 6.7 AI score | 0.01199 EPSS
Exploits 1 | References 1

CNVD
added 2018/12/17 12:0 a.m. | 2 views

Rendertron Cross-Site Scripting Vulnerability

Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Error reporting in Rendertron 1.0.0 contains a reflected cross-site scripting vulnerability that an attacker can exploit via an invalid URL to conduct a cross-site scripting attack...

6.1 CVSS | 6.2 AI score | 0.00588 EPSS
Exploits 1 | References 1

CNVD
added 2018/12/17 12:0 a.m. | 3 views

Rendertron Absolute Path Disclosure Vulnerability

Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Rendertron 1.0.0 suffers from an absolute path disclosure vulnerability, which stems from node_modules in Rendertron exposing installed packages, which can be exploited by a remote attacker to read...

7.5 CVSS | 6.7 AI score | 0.01089 EPSS
Exploits 1 | References 1