PT-2023-28263 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this, where the target...

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Drools Core Deserialization of Untrusted Data vulnerability

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

GHSA-M5Q8-58WH-XXQ4 Drools Core Deserialization of Untrusted Data vulnerability

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2771)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-28249 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

PDF-XChange Editor App Object Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Oracle Linux 8 : sssd (ELSA-2019-3651)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3651 advisory. 2.2.0-19 - Resolves: rhbz1712875 - Old kerberos credentials active instead of valid new ones kcm 2.2.0-18 - Resolves: rhbz1744134 - New defect found in...

PT-2023-22196 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.6 Electron versions prior to 23.2.3 Electron versions prior to 24.0.1 Electron versions prior to 25.0.0-alpha.2 Description: Electron is a framework for writing cross-platform desktop applications using...

Zope AccessControl Information Disclosure Vulnerability

Zope AccessControl is a generic security framework used in Zope from the Zope Foundation. An information disclosure vulnerability exists in Zope AccessControl that stems from allowing a person controlling a format string to read accessible recursive objects via attribute access and subscription o...

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability exists because the number of objects returned with the ListObjects API are non-deterministic which allows an attacker to access unauthorized objects if the model contains expressions of type rel1 from type1...

The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the handling of an unreliable pointer, allowing attackers to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the handling of App objects using an untrusted pointer. Exploiting this vulnerability can allow attackers to execute arbitrary code...

Malicious code in @manomano-internal/mf-seller-xp-commons-objects (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd96bb1666c4060364596cc3a673428b5f242af6b6a80c2decf413bb23424261 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2023-27517 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.3.0 and earlier Description: The issue affects OpenFGA, an authorization/permission engine, where some end users of versions 1.3.0 or earlier are vulnerable to authorization bypass when calling the "ListObjects" API endpoin...

PT-2023-27471 · Maxon · Maxon Cinema 4D

Name of the Vulnerable Software and Affected Versions: Maxon Cinema 4D affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this issue, where the target must...

DRUPAL-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...