Eclipse Theia 安全漏洞

Eclipse Theia is the Eclipse Foundation's set of open source IDE frameworks for desktop and web applications based on Visual Studio Code. A security vulnerability exists in the version of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, which originates from Webview content that...

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a...

CVE-2021-21893

CVE-2021-21893 describes a use-after-free vulnerability in Foxit Software’s PDF Reader (and related Foxit PDF Editor/PhantomPDF suites) version 11.0.0.49893 where a crafted PDF can trigger reuse of freed memory, leading to arbitrary code execution. Exploitation requires user interaction (open mal...

CVE-2021-21893

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Foxit PDF Reader < 11.0.1 Multiple Vulnerabilities (macOS)

The version of Foxit PDF Reader for Mac installed on the remote macOS host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities: - Multiple remote code execution vulnerabilities exist in Foxit PDF Reader due to use-after-free errors when handling certain Javascripts. An...

DEBIAN-CVE-2021-28904

In function extgetplugin in libyang = v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmprevision, extpluginsu.revision will lead to a crash...

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a...

PT-2021-4115 · Libyang +2 · Libyang +2

Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0.225 Description: The issue is related to the function ext get plugin in the libyang library, where it fails to check if the revision value is NULL. This oversight can lead to a crash when the strcmp function is...

CVE-2020-13548

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting...

CVE-2020-13547

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to...

CVE-2020-13547

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to...

CVE-2020-13557

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Design/Logic Flaw

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13570

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicio...

CVE-2020-13570

CVE-2020-13570 is a use-after-free vulnerability in Foxit Reader/PhantomPDF (Foxit PDF Reader) JavaScript engine, affecting version 10.1.0.37527. A crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required to exploit; browser plugin usage can a...

CVE-2020-13560

CVE-2020-13560 affects Foxit PDF Reader (example: version 10.1.0.37527) and is a use-after-free in the JavaScript engine. A specially crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file). If the browser plugin ...

Foxit Reader JavaScript choice field format event use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

Foxit Reader JavaScript media openPlayer type confusion vulnerability

Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...