Lucene search
K

610 matches found

CVE
CVE
added 2024/04/30 2:38 p.m.63 views

CVE-2024-25938

CVE-2024-25938 affects Foxit Reader 2024.1.0.23997 and is a use-after-free vulnerability in the Barcode widget. According to Talos, a specially crafted JavaScript in a malicious PDF can trigger reuse of a freed object, leading to memory corruption and potentially arbitrary code execution. Exploit...

8.8CVSS7.1AI score0.15639EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2024/04/30 2:38 p.m.75 views

CVE-2024-25575

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS9.1AI score0.17716EPSS
Exploits1References1
CVE
CVE
added 2024/04/30 2:38 p.m.89 views

CVE-2024-25575

Foxit Reader CVE-2024-25575 is a type-confusion vulnerability in the Lock object’s fields handling. Talos documents a type-confusion in Foxit Reader 2024.1.0.23997 that can cause memory corruption and arbitrary code execution via JavaScript in malicious PDFs or a crafted site when the browser plu...

8.8CVSS7.1AI score0.17716EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2024/04/30 2:38 p.m.72 views

CVE-2024-25648

Foxit Reader 2024.1.0.23997 is affected by a use-after-free in the ComboBox handling that can be triggered when processing JavaScript in a malicious PDF or when visiting a crafted site with the browser plugin enabled. Talos provides concrete details on the vulnerable path: a ComboBox object is fr...

8.8CVSS7.1AI score0.15639EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2024/04/30 2:38 p.m.13 views

CVE-2024-25575

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS8.9AI score0.17716EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/30 2:38 p.m.16 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS8.9AI score0.15639EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/30 2:38 p.m.67 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS9.1AI score0.15639EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.4 views

CSS Exfil Protection 安全漏洞

CSS Exfil Protection is a browser plugin from the individual developer Mike Gualtieri. A security vulnerability exists in CSS Exfil Protection version v.1.1.0, which originated from a vulnerability that allows remote attackers to obtain sensitive information via the content.js and parseCSSRules...

7.5CVSS6.5AI score0.00757EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/01 12:0 a.m.4 views

PT-2024-3606 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A type confusion vulnerability exists in the way Foxit Reader handles a Lock object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to...

10CVSS8.2AI score0.17716EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2024/02/20 5:35 p.m.12 views

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2023/11/27 4:15 p.m.22 views

CVE-2023-41257

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8CVSS0.01627EPSS
Exploits0References2
OSV
OSV
added 2023/11/27 4:15 p.m.2 views

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS6AI score0.01907EPSS
Exploits1References2
NVD
NVD
added 2023/11/27 4:15 p.m.18 views

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS0.01907EPSS
Exploits1References2
NVD
NVD
added 2023/11/27 4:15 p.m.15 views

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

8.8CVSS0.03346EPSS
Exploits1References2
OSV
OSV
added 2023/11/27 4:15 p.m.5 views

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

8.8CVSS6.5AI score0.03346EPSS
Exploits1References2
NVD
NVD
added 2023/11/27 4:15 p.m.23 views

CVE-2023-32616

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS0.0182EPSS
Exploits1References2
OSV
OSV
added 2023/11/27 4:15 p.m.5 views

CVE-2023-32616

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS6AI score0.0182EPSS
Exploits1References2
Prion
Prion
added 2023/11/27 4:15 p.m.23 views

Design/Logic Flaw

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

6.8CVSS7.7AI score0.0182EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/11/27 4:15 p.m.33 views

Remote code execution

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

6.8CVSS8AI score0.03346EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/11/27 4:15 p.m.29 views

Type confusion

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

6.8CVSS7.6AI score0.01627EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder