CVE-2024-9254

CVE-2024-9254 describes a use-after-free in Foxit PDF Reader/Editor related to annotation handling. The flaw occurs when processing Annotation objects without validating an object’s existence before performing operations, enabling an attacker to execute arbitrary code in the signer’s process. Exp...

CVE-2024-9254 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVE-2024-9247 Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2024-9758

Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this...

CVE-2024-8847

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2024-8847

PDF-XChange Editor is affected by CVE-2024-8847: Doc Object handling flaw causes an out-of-bounds read, enabling remote code execution. The issue arises from inadequate validation of user-supplied data in Doc objects, allowing code execution in the process context. Exploitation requires user inte...

CVE-2024-8847 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...

CVE-2021-3838

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...

Protection Mechanism Failure

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Protection Mechanism Failure in a sandbox, an attacker can access attributes of Array-like objects due to improper validation by the security policy. Note: This change...

UBUNTU-CVE-2024-51754

Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...

UBUNTU-CVE-2024-51755

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

GHSA-JJXQ-FF2G-95VH Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

Description In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. Resolution The sandbox mode now ensures...

CVE-2024-51755 Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

CVE-2024-51755 Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

PT-2024-34886 · Twig +1 · Twig +1

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.11.2 Twig versions prior to 3.14.1 Description: In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and t...

DEBIAN-CVE-2024-50121

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsdshrinkerwork using sync mode in nfs4stateshutdownnet In the normal case, when we excute echo 0 /proc/fs/nfsd/threads, the function nfs4statedestroynet in nfs4stateshutdownnet will release all resources related to...

Denial of service through tracking and requesting Aim objects through web API

This report is not public...

CVE-2024-10456

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication...

CVE-2024-10456 Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication...