PT-2025-4092 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the targ...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF document viewing and editing software PDF-XChange Editor lies in the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor, a program for viewing and editing PDF documents, relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...
mozilla: Type Confusion in Async Generators in JavaScript Engine
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash...
The vulnerability of embedded software developed by Qualcomm, related to uncontrolled implementation of certain certifications, allows attackers to cause system failures.
The vulnerability of embedded Qualcomm software is related to an uncontrolled and exploitable specification. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2024-39613
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...
SUSE CVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
CVE-2023-4680
A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...
CLSA-2024-1724348053 bind: Fix of 2 CVEs
- CVE-2024-1737: add a limit to the number of RRs in RRSets and RR types for single name
- CVE-2024-1975: remove support for SIG0 message verification
- Fix the SYSTEMTEST section in the spec file...
SUSE CVE-2024-43865
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state(). With the recent rewrite of the fpu code, exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid...
CVE-2024-43865
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state(). With the recent rewrite of the fpu code, exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid...
GO-2022-1264 usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos...
DEBIAN-CVE-2024-43865
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state(). With the recent rewrite of the fpu code, exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid...
UBUNTU-CVE-2024-43865
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state(). With the recent rewrite of the fpu code, exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid...
CVE-2024-43865 s390/fpu: Re-add exception handling in load_fpu_state()
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state(). With the recent rewrite of the fpu code, exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid...
GO-2024-3071 Gateway API route matching order contradicts specification in github.com/cilium/cilium
Gateway API route matching order contradicts specification in github.com/cilium/cilium...
Gateway API route matching order contradicts specification
Impact Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...
CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...