Search CVE reports
1 – 5 of 5 results
CVE-2022-25299
Medium priority
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder.
1 affected package
phantomjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-7739
Medium priority
This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack.
1 affected package
phantomjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2015-9541
Low priority
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
5 affected packages
phantomjs, pyside, pyside2, qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
pyside | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
pyside2 | Vulnerable | Vulnerable | Vulnerable | Not in release | Needs evaluation |
qt4-x11 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
qtbase-opensource-src | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-17221
Medium priority
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and...
1 affected package
phantomjs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
CVE-2013-4549
Medium priority
Some fixes available 29 of 39
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
3 affected packages
phantomjs, qt4-x11, qtbase-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phantomjs | — | — | — | Not affected | Not affected |
qt4-x11 | — | — | — | Fixed | Fixed |
qtbase-opensource-src | — | — | — | Fixed | Fixed |