31650 matches found

Cvelist
added 2024/09/26 12:0 a.m. | 15 views

CVE-2024-41605

In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed...

0.00049 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/09/26 12:0 a.m. | 6 views

Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8 CVSS | 6.8 AI score | 0.01126 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/09/26 12:0 a.m. | 6 views

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

7.8 CVSS | 6.6 AI score | 0.00049 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/09/26 12:0 a.m. | 8 views

Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3 CVSS | 5.9 AI score | 0.00349 EPSS
Exploits: 0 | References: 1

CVE
added 2024/09/26 12:0 a.m. | 52 views

CVE-2024-41605

CVE-2024-41605 affects Foxit PDF Reader before 2024.3 and Foxit PDF Editor before 2024.3, and 13.x before 13.1.4. The issue is that the updater lacks integrity validation, allowing an attacker to replace an update file with a Trojan horse and execute attacker-controlled code via side loading. Thi...

8.4 CVSS | 8.4 AI score | 0.00049 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/09/26 12:0 a.m. | 11 views

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8 CVSS | 6.7 AI score | 0.01759 EPSS
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/09/26 12:0 a.m. | 6 views

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...

7.8 CVSS | 6.8 AI score | 0.01282 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2024/09/24 3:5 a.m. | 3 views

kernel: ring-buffer: Fix a race between readers and resize checks

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks. The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the...

4.7 CVSS | 6.9 AI score | 0.00014 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2024/09/24 12:0 a.m. | 26 views

EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2024-2478)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

7.5 CVSS | 6.9 AI score | 0.00165 EPSS
Exploits: 3 | References: 3

Tenable Nessus
added 2024/09/24 12:0 a.m. | 23 views

Foxit PDF Reader < 2024.2.3 Multiple Vulnerabilities

According to its version, the Foxit PDF Reader application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2.3. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This...

8.8 CVSS | 6 AI score | 0.03273 EPSS
Exploits: 0 | References: 5

BDU FSTEC
added 2024/09/23 12:0 a.m. | 1 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020, particularly those related to memory usage after it is freed, allow attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute...

7.8 CVSS | 6 AI score | 0.00922 EPSS
Exploits: 0 | References: 2

Microsoft CVE
added 2024/09/20 7:0 a.m. | 2 views

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

...

7.5 CVSS | 6.7 AI score | 0.00165 EPSS
Exploits: 3

Talos Blog
added 2024/09/19 6:0 p.m. | 28 views

Talk of election security is good, but we still need more money to solve the problem

Last week, six Secretaries of State testified to U.S. Congress about the current state of election security ahead of November's Presidential election. Some of the same topics came up as usual -- disinformation campaigns, influence from foreign actors, and the physical protection of poll workers o...

7.5 CVSS | 8.9 AI score | 0.04334 EPSS
Exploits: 0

The Hacker News
added 2024/09/18 9:32 a.m. | 25 views

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant...

7.3 AI score
Exploits: 0

OpenVAS
added 2024/09/17 12:0 a.m. | 9 views

Adobe Acrobat Reader DC Continuous Security Update (APSB24-70) - Windows

Adobe Acrobat Reader DC Continuous is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8 CVSS | 7.7 AI score | 0.00922 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2024/09/17 12:0 a.m. | 9 views

Adobe Reader Classic 2020 Security Update (APSB24-70) - Mac OS X

Adobe Acrobat Reader Classic 2020 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8 CVSS | 7.7 AI score | 0.00922 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2024/09/17 12:0 a.m. | 9 views

Adobe Reader Classic 2020 Security Update (APSB24-70) - Windows

Adobe Acrobat Reader Classic 2020 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8 CVSS | 7.7 AI score | 0.00922 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2024/09/17 12:0 a.m. | 11 views

Adobe Acrobat Reader DC Continuous Security Update (APSB24-70) - Mac OS X

Adobe Acrobat Reader DC Continuous is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8 CVSS | 7.7 AI score | 0.00922 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/16 7:15 a.m. | 17 views

CVE-2024-1578

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration...

5.3 CVSS | 0.00179 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/09/16 6:59 a.m. | 21 views

CVE-2024-1578 Multiple MiCard PLUS card reader dropped characters

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration...

5.3 CVSS | 0.00179 EPSS
Exploits: 0 | References: 2