Foxit Reader < 11.0.1 Multiple Vulnerabilities

According to its version, the Foxit Reader application installed on the remote Windows host is prior to 11.0.1. It is, therefore affected by multiple arbitrary code execution vulnerabilities due to a use-after-free flaw in the JavaScript engine. An authenticated, local attacker can exploit this b...

PT-2021-14823 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software’s PDF Reader version 11.0.0.49893 Description: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. A specially crafted PDF document can trigger the reuse of previously freed memory,...

Foxit Reader Field OnFocus event use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

CVE-2020-15660

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution...

Microsoft Edge 安全漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in V8 in versions of Google Chrome prior to 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

The vulnerability of Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to access confidential information or cause service failures.

The vulnerability of Google Chrome’s V8 engine is related to insufficient input validation. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

CVE-2021-0514

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-29970

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird 78.12, Firefox ESR 78.12, and Firefox 90...

VulnCheck KEV: CVE-2021-30563

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

CVE-2021-29968

When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox 89.0.1...

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...

CVE-2021-29962

Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...

UBUNTU-CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Unspecified Vulnerability in JerryScript (CNVD-2021-42984)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in the parserparseobjectinitializer in js-parser-expr.c:3230 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

Unspecified vulnerability in JerryScript (CNVD-2021-42987)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in parserparsestatements in js-parser-statm.c:2756 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

Unspecified Vulnerability in JerryScript (CNVD-2021-42986)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in parserparseexpression in js-parser-expr.c:3565 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered...

DEBIAN-CVE-2021-30536

Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page...

DEBIAN-CVE-2021-30517

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-30513

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...