Lucene search
K

220 matches found

Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.13 views

PT-2024-36830 · Tcpdf +2 · Tcpdf +2

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in TCPDF. If libcurl is used, CURLOPT SSL VERIFYHOST and CURLOPT SSL VERIFYPEER are set unsafely. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or late...

9.8CVSS6.8AI score0.00748EPSS
Exploits0References24
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.12 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

6.8AI score0.00624EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.17 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS5.2AI score0.00752EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.5 views

PT-2024-36832 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References35
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.19 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS5.2AI score0.00624EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.9 views

CVE-2024-56520

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...

7.2AI score0.0055EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.7 views

PT-2024-36829 · Tcpdf +2 · Tcpdf +2

Name of the Vulnerable Software and Affected Versions: tc-lib-pdf-font versions prior to 2.6.4 TCPDF versions prior to 6.8.0 Description: The issue is related to the mishandling of fonts, specifically the misparsing of FontBBox for Type 1 and TrueType fonts. This problem affects the management of...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References31
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.14 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS5.2AI score0.00748EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/12/27 12:0 a.m.15 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS5.2AI score0.00615EPSS
Exploits0
OSV
OSV
added 2024/12/27 12:0 a.m.16 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

7.5CVSS6.7AI score0.00752EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.18 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

0.00624EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.31 views

CVE-2024-56527

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...

0.00752EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.31 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

0.00748EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.20 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

0.00615EPSS
Exploits0References4
OSV
OSV
added 2024/12/27 12:0 a.m.22 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...

7.5CVSS6.6AI score0.00615EPSS
Exploits0References7
OSV
OSV
added 2024/12/27 12:0 a.m.10 views

CVE-2024-56520

An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed...

7.3CVSS6.7AI score0.0055EPSS
Exploits0References8
OSV
OSV
added 2024/12/27 12:0 a.m.13 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS6.7AI score0.00624EPSS
Exploits0References6
OSV
OSV
added 2024/12/27 12:0 a.m.12 views

CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

9.8CVSS6.7AI score0.00748EPSS
Exploits0References5
CVE
CVE
added 2024/12/27 12:0 a.m.817 views

CVE-2024-56521

The CVE-2024-56521 issue affects TCPDF prior to 6.8.0. When libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely, enabling a high-severity, network‑based impact per CVSS 3.1 data (base score 9.8). Public advisories (e.g., Fedora updates FEDORA-2024-d6b0e72e3d and FE...

9.8CVSS7AI score0.00748EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/12/09 7:56 a.m.8 views

Local File Inclusion (LFI)

tecnickcom/tcpdf is vulnerable to Local File Inclusion LFI. The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...

6.2CVSS6.5AI score0.00816EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder