CPE Details
Calibre E-book Calibre 2.27.0
2.27.0
2018-10-09
13h16 +00:00
13h16 +00:00
2018-10-09
13h16 +00:00
13h16 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:calibre-ebook:calibre:2.27.0:*:*:*:*:*:*:*
Informations
Vendor
calibre-ebookProduct
calibreVersion
2.27.0Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. | 7.1 |
Haute |
||
| Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | 6.1 |
Moyen |
||
| Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. | 7.5 |
Haute |
||
| link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | 7.5 |
Haute |
||
| calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | 7.5 |
Haute |
||
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | 5.5 |
Moyen |
