Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for pdfreactor by realobjects

    CVE-2019-12154 (GCVE-0-2019-12154)

    Vulnerability from nvd – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-05-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:35:33.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
                },
                {
                  "name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
                },
                {
                  "name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
                  "refsource": "MISC",
                  "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12154",
        "datePublished": "2019-06-11T20:35:34.000Z",
        "dateReserved": "2019-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:30.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12153 (GCVE-0-2019-12153)

    Vulnerability from nvd – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-05-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:33:14.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
                },
                {
                  "name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
                },
                {
                  "name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
                  "refsource": "MISC",
                  "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12153",
        "datePublished": "2019-06-11T20:33:14.000Z",
        "dateReserved": "2019-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:30.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12154 (GCVE-0-2019-12154)

    Vulnerability from cvelistv5 – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-05-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:35:33.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
                },
                {
                  "name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
                },
                {
                  "name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
                  "refsource": "MISC",
                  "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12154",
        "datePublished": "2019-06-11T20:35:34.000Z",
        "dateReserved": "2019-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:30.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12153 (GCVE-0-2019-12153)

    Vulnerability from cvelistv5 – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-05-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:30.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:33:14.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
                },
                {
                  "name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
                  "refsource": "CONFIRM",
                  "url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
                },
                {
                  "name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
                  "refsource": "MISC",
                  "url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12153",
        "datePublished": "2019-06-11T20:33:14.000Z",
        "dateReserved": "2019-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:30.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }