PT-2023-9815 · Foxit · Foxit Pdf Editor +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

Denial Of Service (DoS)

org.bouncycastle: bcprov is vulnerable to Denial of Service DoS. The vulnerability arises due to parsing certificates in the PEMParser class. This class is responsible for parsing X.509 certificates, encoded keys and PKCS7 objects. The parser can throw an OutOfMemoryError while parsing crafted...

VulnCheck KEV: CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

SUSE CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...

PT-2023-7206 · Unknown +2 · Bouncy Castle For Java +2

Name of the Vulnerable Software and Affected Versions: Bouncy Castle for Java versions prior to 1.73 BC-FJA versions prior to 1.0.2.4 Description: The issue is related to insufficient input validation in the Bouncy Castle org.bouncycastle.openssl.PEMParser class, which parses OpenSSL PEM encoded...

The vulnerability of the OpenCMS content management system lies in the improper limitation of XML links to external objects, which allows attackers to execute arbitrary code by sending a specially crafted POST request.

The vulnerability of the OpenCMS content management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted POST request remotely...

The vulnerability of Siemens OPC UA Modeling Editor (SiOME) relates to incorrect restrictions on XML references to external objects, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Siemens OPC UA Modeling Editor SiOME is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...

CVE-2023-20274

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An...

CVE-2023-20274

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6503-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6503-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local...

PT-2023-8868 · Foxit · Foxit Pdf Editor +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: The issue is related to the use of memory after it has been freed when handling Doc objects, which can allow an attacker to execute...

Oracle Linux 9 : python-cryptography (ELSA-2023-6615)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6615 advisory. - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz2172399 Tenable has extracted the preceding description block directly fr...

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

Adobe Acrobat Reader DC AcroForm value Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Adobe Acrobat Reader DC AcroForm Doc Object Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

GHSA-4JQ9-2XHW-JPX7 Java: DoS Vulnerability in JSON-JAVA

Summary A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1 the parser bug can be used to circumvent a check that is supposed to...

kernel: Linux kernel: Memory leak in RDMA/irdma subsystem leads to Denial of Service

A flaw was found in the Linux kernel's RDMA/irdma subsystem. When the irdma module is unloaded, certain memory objects PBLEs are not properly released, leading to a memory leak. A local attacker could repeatedly trigger this condition, causing system memory to be exhausted and resulting in a Deni...

kernel: vmwgfx: race condition leading to information disclosure vulnerability

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

PT-2023-29238 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a maliciou...