
31650 matches found

Vulnrichment
added 2024/10/07 8:3 p.m. · 22 views

CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5 CVSS · 6.8 AI score · 0.71632 EPSS
Exploits: 1 · References: 1
CNNVD
added 2024/10/06 12:0 a.m. · 3 views

ZKteco iClock Information Disclosure Vulnerability

ZKTeco iClock is a biometric fingerprint reader for time and attendance and access control applications from ZKTeco, a Chinese company. An information disclosure vulnerability exists in ZKteco iClock version v3.1-168, which originates from the exposure of sensitive information to unauthorized use...

4.3 CVSS · 6.1 AI score · 0.0013 EPSS
Exploits: 0 · References: 2
OSV
added 2024/10/03 12:15 p.m. · 1 views

DEBIAN-CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

4.3 CVSS · 6.2 AI score · 0.00127 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/03 12:15 p.m. · 5 views

AZL-50031 CVE-2024-47554 affecting package apache-commons-io for versions less than 2.14.0-1

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

4.3 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits: 0 · References: 1
OSV
added 2024/10/03 12:15 p.m. · 2 views

UBUNTU-CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

4.3 CVSS · 6.7 AI score · 0.00127 EPSS
Exploits: 0 · References: 4
NVD
added 2024/10/02 9:15 p.m. · 16 views

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8 CVSS · 0.04084 EPSS
Exploits: 1 · References: 3
OSV
added 2024/10/02 9:15 p.m. · 2 views

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 3
Vulnrichment
added 2024/10/02 8:51 p.m. · 17 views

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8 CVSS · 8 AI score · 0.04084 EPSS
Exploits: 1 · References: 2
Cvelist
added 2024/10/02 8:51 p.m. · 19 views

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...

8.8 CVSS · 0.04084 EPSS
Exploits: 1 · References: 2
CVE
added 2024/10/02 8:51 p.m. · 73 views

CVE-2024-28888

CVE-2024-28888 is a use-after-free vulnerability in Foxit Reader/Foxit PDF Editor affecting components that handle a checkbox field object. The root cause is memory management in the checkbox handling path, allowing a specially crafted JavaScript inside a malicious PDF (or a crafted site when the...

8.8 CVSS · 8 AI score · 0.04084 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/10/02 12:0 a.m. · 1 views

The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) is related to access control errors, allowing attackers to execute arbitrary code.

The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to access control bugs. Exploiting this vulnerability can allow an attacker to execute arbitrary code by replacing th...

8.6 CVSS · 7.6 AI score · 0.00049 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
CNNVD
added 2024/10/02 12:0 a.m. · 6 views

Foxit Reader Resource Management Error Vulnerability

Foxit Reader is a PDF document reader from Foxit, a Chinese company. A resource management error vulnerability exists in Foxit Reader version 2024.1.0.23997, which originates from a mix-up in the program's instructions responsible for freeing memory. An attacker can exploit this vulnerability t...

8.8 CVSS · 7.7 AI score · 0.04084 EPSS
Exploits: 1 · References: 4
Talos
added 2024/10/02 12:0 a.m. · 17 views

Foxit Reader checkbox Calculate use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...

8.8 CVSS · 8.1 AI score · 0.04084 EPSS
Exploits: 1
NCSC
added 2024/09/30 9:41 a.m. · 3 views

Vulnerabilities fixed in Foxit PDF Editor and PDF Reader

Foxit has fixed vulnerabilities in PDF Editor and PDF Reader. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or potentially execute arbitrary code in the context of the application, potentially gaining access to sensitive data. Successful exploitation requires t...

8.8 CVSS · 7.8 AI score · 0.04084 EPSS
Exploits: 1 · References: 1
Citrix
added 2024/09/30 12:0 a.m. · 9 views

FIDO2 redirection in Chrome and Edge doesn't work

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/fido2.html#local-authorization-and-virtual-authentication-using-fido2-and-webauthn was followed. However, devices which use FIDO2, such as fingerprint readers and YubiKey devices, are not detected in the browser,...

7.2 AI score
Exploits: 0
Positive Technologies
added 2024/09/30 12:0 a.m. · 2 views

PT-2024-22628 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997 Description: A use-after-free vulnerability exists in the way Foxit Reader handles a checkbox field object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability...

8.8 CVSS · 8.2 AI score · 0.04084 EPSS
Exploits: 1 · References: 21
CNVD
added 2024/09/29 12:0 a.m. · 4 views

Foxit PDF Reader Elevation of Privilege Vulnerability

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. An elevation of privilege vulnerability exists in Foxit PDF Reader, which stems from not properly assigning privileges when handling configuration files, and can be exploited by an attacker to elevate...

7.8 CVSS · 6.9 AI score · 0.00046 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/09/29 12:0 a.m. · 5 views

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40812)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

7.8 CVSS · 7.7 AI score · 0.01112 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/09/29 12:0 a.m. · 7 views

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40813)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

7.8 CVSS · 7.7 AI score · 0.01759 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/09/29 12:0 a.m. · 5 views

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40811)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

7.8 CVSS · 7.7 AI score · 0.01126 EPSS
Exploits: 0 · References: 1