Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for pdfreactor by realobjects
CVE-2019-12154 (GCVE-0-2019-12154)
Vulnerability from cvelistv5 – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:35:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12154",
"datePublished": "2019-06-11T20:35:34.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12153 (GCVE-0-2019-12153)
Vulnerability from cvelistv5 – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:33:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12153",
"datePublished": "2019-06-11T20:33:14.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12154 (GCVE-0-2019-12154)
Vulnerability from nvd – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:35:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12154",
"datePublished": "2019-06-11T20:35:34.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12153 (GCVE-0-2019-12153)
Vulnerability from nvd – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:33:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12153",
"datePublished": "2019-06-11T20:33:14.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}