CPE Details
Tcpdf Project Tcpdf 6.0.081
6.0.081
2019-10-08
11h58 +00:00
11h58 +00:00
2019-10-08
11h58 +00:00
11h58 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:tcpdf_project:tcpdf:6.0.081:*:*:*:*:*:*:*
Informations
Vendor
tcpdf_projectProduct
tcpdfVersion
6.0.081Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | 9.8 |
Critique |
||
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | 7.5 |
Haute |
||
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | 7.5 |
Haute |
||
| An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | 7.5 |
Haute |
||
| TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. | 7.5 |
Haute |
||
| TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | 7.5 |
Haute |
||
| TCPDF before 6.7.4 mishandles calls that use HTML syntax. | 6.1 |
Moyen |
||
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | 7.5 |
Haute |
