983 matches found
Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fontsub.dll. The...
Apple Safari CSSFontFace Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(Pwn2Own) Oracle VirtualBox vusbUrbSubmitCtrl Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Foxit PhantomPDF Denial of Service Vulnerability (CNVD-2019-24202)
Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.11, which originates from the program not properly validating objects. An attacker could exploit this vulnerability to cause a denial of service...
Foxit PhantomPDF Denial of Service Vulnerability (CNVD-2019-24197)
PhantomPDF is a multifunctional PDF editor. A denial of service vulnerability exists in Foxit PhantomPDF versions prior to 8.3.11. The vulnerability stems from a failure to properly validate the existence of an object before performing operations on it during JavaScript execution. An attacker cou...
CVE-2019-14211
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript...
Design/Logic Flaw
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript...
CVE-2019-14211
CVE-2019-14211 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by lack of proper validation for the existence of an object before performing operations on it during JavaScript execution. The impact stated is application crash (availability) with exploitation tied to JavaScript...
PT-2019-13535 · Foxit · Foxit Phantompdf
Name of the Vulnerable Software and Affected Versions: Foxit PhantomPDF versions prior to 8.3.11 Description: The issue arises from the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript, which could cause the applicatio...
Microsoft Windows gdiplus EMF Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Reader XFA Form Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of XFA forms in Foxit Reader 9.5.0.20723 and earlier versions. The vulnerability stems from a failure to validate the existence of an object before performing an...
Foxit PhantomPDF addWatermarkFromText Remote Code Execution Vulnerability
Foxit PhantomPDF is a multifunctional PDF editor. A remote code execution vulnerability exists in the removeField method in Foxit PhantomPDF 9.5.0.20723 and earlier versions when handling watermarks in AcroForm. The vulnerability stems from a failure to validate the existence of an object before...
Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA...
Foxit PhantomPDF addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField...
Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Foxit Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Unsafe Deserialization
jackson-databind is vulnerable to arbitrary code execution via unsafe deserialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...
CVE-2019-6770
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2019-6758
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...