664 matches found

Positive Technologies
added 2023/07/26 12:0 a.m. · 2 views

PT-2023-4414 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified); Foxit PDF Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

CVSS 7.8 · AI score 8.1 · EPSS 0.0045
Exploits: 0 · References: 7

OSV
added 2023/07/19 2:15 p.m. · 1 view

CVE-2023-33876

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. ...

CVSS 8.8 · AI score 6 · EPSS 0.00931
Exploits: 1 · References: 2

Positive Technologies
added 2023/07/19 12:0 a.m. · 3 views

PT-2023-3891 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.2.15332. Description: A use-after-free vulnerability exists in the way Foxit Reader handles destroying annotations. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously...

CVSS 10 · AI score 8.1 · EPSS 0.00931
Exploits: 1 · References: 7

Rockylinux
added 2023/05/25 7:53 p.m. · 40 views

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

AI score 6.6
Exploits: 0

Zero Day Initiative
added 2023/05/25 12:0 a.m. · 25 views

Adobe Acrobat Reader DC Annotation Highlight popupOpen Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 3.3 · AI score 5.9 · EPSS 0.00285
Exploits: 0 · References: 1

Oracle linux
added 2023/05/15 12:0 a.m. · 59 views

jackson security update

jackson-annotations 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-core 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-databind 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-jaxrs-providers 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122...

CVSS 7.5 · AI score 7.1 · EPSS 0.0486
Exploits: 1

OSSF Malicious Packages
added 2023/04/25 9:46 p.m. · 3 views

Malicious code in schema2x-annotations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14cc8a264046041e2d275a0a2e465eb74b50c5ff3824a6330b7253196e8b6fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2023/04/25 9:46 p.m. · 8 views

MAL-2023-763 Malicious code in schema2x-annotations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14cc8a264046041e2d275a0a2e465eb74b50c5ff3824a6330b7253196e8b6fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

SUSE CVE
added 2023/04/20 2:16 a.m. · 8 views

SUSE CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 4.8 · AI score 9.4 · EPSS 0.15026
Exploits: 2 · References: 7

Spring Security Advisories
added 2023/03/07 12:0 a.m. · 12 views

This Week in Spring - March 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's an amazing week, and this week we've got a lot to look at. Let's dive right into it. Spring Cloud Function for Azure Function Spring Data 2022.0.3 and 2021.2.9 released Spring R2DBC for Reactive Relational Databases in...

Exploits: 0

Vulnrichment
added 2023/03/02 6:7 p.m. · 10 views

CVE-2023-26475 XWiki Platform vulnerable to Remote Code Execution in Annotations

XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki...

CVSS 9.9 · AI score 7.2 · EPSS 0.64508
Exploits: 1 · References: 4

Cvelist
added 2023/03/02 6:7 p.m. · 39 views

CVE-2023-26475 XWiki Platform vulnerable to Remote Code Execution in Annotations

XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki...

CVSS 9.9 · AI score 9.7 · EPSS 0.64508
Exploits: 1 · References: 4

Github Security Blog
added 2023/03/02 3:16 p.m. · 33 views

xwiki-platform vulnerable to Remote Code Execution in Annotations

Impact The annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. To reproduce: add an annotation with the content groovyprint "hello"/groovy and click the yellow scare to g...

CVSS 9.9 · AI score 8.4 · EPSS 0.64508
Exploits: 1 · References: 6 · Affected Software: 1

SUSE CVE
added 2023/02/15 3:44 a.m. · 1 view

SUSE CVE-2021-25746

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

CVSS 7.6 · AI score 7.1 · EPSS 0.01344
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:41 a.m. · 2 views

SUSE CVE-2021-32056

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...

CVSS 4.3 · AI score 6.9 · EPSS 0.017
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:22 a.m. · 2 views

SUSE CVE-2022-42928

Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

CVSS 7.5 · AI score 8.3 · EPSS 0.0083
Exploits: 0 · References: 8

OSV
added 2023/02/14 5:0 p.m. · 27 views

CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog

Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...

CVSS 6.8 · AI score 5.5 · EPSS 0.00453
Exploits: 0 · References: 4

NVD
added 2023/02/08 8:15 p.m. · 32 views

CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength,...

CVSS 7.5 · AI score 7.4 · EPSS 0.00973
Exploits: 1 · References: 2

OSV
added 2023/02/02 7:26 p.m. · 20 views

GHSA-MRQX-MJC4-VFH3 wallabag subject to Improper Authorization via annotations

Impact The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests which lets a logged user modify or delete any annotation using their ID on their endpoints example.org/annotations/id. These...

CVSS 5.4 · AI score 4.4 · EPSS 0.00444
Exploits: 1 · References: 5

Github Security Blog
added 2023/02/02 7:26 p.m. · 29 views

wallabag subject to Improper Authorization via annotations

Impact The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests which lets a logged user modify or delete any annotation using their ID on their endpoints example.org/annotations/id. These...

CVSS 5.4 · AI score 4.6 · EPSS 0.00444
Exploits: 1 · References: 5 · Affected Software: 1