11 matches found
CVE-2026-22728
CVE-2026-22728 concerns Bitnami Sealed Secrets during the secret rotation flow (/v1/rotate). The rotation process derives the new sealing scope from input SealedSecret metadata, and untrusted annotations in the template can widen the scope to cluster-wide (sealedsecrets.bitnami.com/cluster-wide=t...
EUVD-2020-23514
Malware in sbrugna...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
Falsifying and weaponizing certified PDFs
The Portable Document Format PDF file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only unlike a Word document, say, which is designed to be easy to edit. This immutability can be...
Foxit PhantomPDF < 4.1.3 PDF Spoofing (macOS)
The version of Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 4.1.3. It is, therefore, affected by a PDF spoofing vulnerability. An Evil Annotation Attack may deliver incorrect validation results when validating certain certified PDF files whose visible content was...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
Code injection
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
CVE-2020-35931
Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...
CVE-2020-35931
An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...
Foxit Reader和Foxit PhantomPDF 代码问题漏洞
Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit Reader and PhantomPDF, which can be exploited by attackers to spoof authenticated PDF documents via a malicious annotation attack, as the product does not take in...