
7680 matches found

Vulnrichment
added 2024/05/03 1:59 a.m. | 19 views

CVE-2023-38110 Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target...

CVSS 3.3 | AI score 6 | EPSS 0.00314
Exploits 0 | References 2
Cvelist
added 2024/05/03 1:59 a.m. | 22 views

CVE-2023-38107 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8 | AI score 8.8 | EPSS 0.01812
Exploits 0 | References 2
Cvelist
added 2024/05/03 1:58 a.m. | 14 views

CVE-2023-38089 Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability

Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 8.2 | EPSS 0.005
Exploits 0 | References 1
Cvelist
added 2024/05/03 1:56 a.m. | 18 views

CVE-2023-27366 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

CVSS 7.8 | AI score 8.2 | EPSS 0.01711
Exploits 0 | References 2
CVE
added 2024/05/03 1:56 a.m. | 66 views

CVE-2023-27366

CVE-2023-27366 affects Foxit PDF Reader. It is a Doc object handling Use-After-Free vulnerability that allows an attacker to execute code in the context of the current process. Exploitation requires user interaction (target visits a malicious page or opens a malicious file). The vulnerability is ...

CVSS 7.8 | AI score 8 | EPSS 0.01711
Exploits 0 | References 2 | Affected Software 2
CVE
added 2024/05/03 1:55 a.m. | 67 views

CVE-2023-27329

CVE-2023-27329 affects Foxit PDF Reader. The vulnerability is a Use-After-Free in Annotation handling caused by not validating object existence before operations, enabling arbitrary code execution in the process context. Exploitation requires user interaction (target visits a malicious page or op...

CVSS 7.8 | AI score 8 | EPSS 0.03476
Exploits 0 | References 2 | Affected Software 2
CNNVD
added 2024/05/03 12:0 a.m. | 1 views

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from a remote code execution vulnerability in the reuse of Doc objects after release...

CVSS 7.8 | AI score 7.8 | EPSS 0.01947
Exploits 0 | References 3
CNNVD
added 2024/05/03 12:0 a.m. | 4 views

Softing Secure Integration Server Security Vulnerability

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A security vulnerability exists in Softing Secure Integration...

CVSS 8.8 | AI score 7 | EPSS 0.00568
Exploits 0 | References 2
OSV
added 2024/05/01 1:15 p.m. | 1 views

DEBIAN-CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...

CVSS 5.5 | AI score 6 | EPSS 0.00007
Exploits 0 | References 1
OSV
added 2024/05/01 1:0 p.m. | 20 views

CVE-2024-27062 nouveau: lock the client object tree.

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...

CVSS 5.5 | AI score 6.2 | EPSS 0.00007
Exploits 0 | References 6
UbuntuCve
added 2024/05/01 6:15 a.m. | 18 views

CVE-2024-26957

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects. Tests with hot-plugging crypto cards on KVM guests with debug kernel build revealed a use after free for the load field of the struct zcrypt_card. The reason was an...

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
Exploits 0 | References 29
RedHat Linux
added 2024/04/30 1:45 p.m. | 1 views

sssd: Race condition during authorization leads to GPO policies functioning inconsistently

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...

CVSS 7.1 | AI score 5.7 | EPSS 0.00029
Exploits 1 | References 5
RedHat Linux
added 2024/04/30 9:57 a.m. | 1 views

kernel: PCI/DOE: Fix destroy_work_on_stack() race

A race condition flaw was found in the Linux kernel's PCI Data Object Exchange (DOE) implementation. The destroy_work_on_stack() function is called after signaling completion, creating a race where the work struct can go out of scope before being destroyed. This triggers debug object warnings when...

AI score 5.8 | EPSS 0.00021
Exploits 0 | References 5
Tenable Nessus
added 2024/04/28 12:0 a.m. | 53 views

Foxit PDF Editor for Mac < 13.1 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed on the remote macOS host is prior to 13.1. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability...

CVSS 8.8 | AI score 6.9 | EPSS 0.03545
Exploits 3 | References 23
Vulnrichment
added 2024/04/24 11:23 p.m. | 32 views

CVE-2024-26926 binder: check offset alignment in binder_get_object()

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object(). Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset...

AI score 6.7 | EPSS 0.00292
Exploits 0 | References 7
NVD
added 2024/04/23 9:15 p.m. | 8 views

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVSS 8.6 | AI score 8.5 | EPSS 0.00186
Exploits 0 | References 3
CVE
added 2024/04/23 9:7 p.m. | 68 views

CVE-2024-32866

CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...

CVSS 8.6 | AI score 6.5 | EPSS 0.00186
Exploits 0 | References 3
OSV
added 2024/04/23 9:7 p.m. | 10 views

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVSS 8.6 | AI score 8.2 | EPSS 0.00186
Exploits 0 | References 5
BDU FSTEC
added 2024/04/22 12:0 a.m. | 1 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 7.7 | AI score 5.4 | EPSS 0.00096
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2024/04/19 1:25 a.m. | 26 views

JIT (Just-In-Time) Crash

Firefox is vulnerable to a JIT (Just-In-Time) crash. The vulnerability is due to a flaw in the JIT compiler, allowing attackers to crash the browser by mutating specific JavaScript objects during tracing...

CVSS 7.5 | AI score 6.5 | EPSS 0.00729
Exploits 0 | References 3 | Affected Software 1