Total
8405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13327 | 2 Foxitsoftware, Microsoft | 2 Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8888. | |||||
| CVE-2019-13326 | 2 Foxitsoftware, Microsoft | 2 Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864. | |||||
| CVE-2019-13325 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922. | |||||
| CVE-2019-13324 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782. | |||||
| CVE-2019-13323 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783. | |||||
| CVE-2019-13320 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814. | |||||
| CVE-2019-13319 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669. | |||||
| CVE-2019-13318 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8544. | |||||
| CVE-2019-13317 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759. | |||||
| CVE-2019-13316 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757. | |||||
| CVE-2019-13315 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656. | |||||
| CVE-2019-13124 | 2 Foxitsoftware, Microsoft | 2 Foxit Reader, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2). | |||||
| CVE-2019-13123 | 2 Foxitsoftware, Microsoft | 2 Foxit Reader, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2). | |||||
| CVE-2019-12812 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | |||||
| CVE-2019-12811 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution | |||||
| CVE-2019-12810 | 2 Estsoft, Microsoft | 2 Alsee, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. | |||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code. | |||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets. | |||||
| CVE-2019-12731 | 2 Microsoft, Mikogo | 2 Windows, Mikogo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges. | |||||
| CVE-2019-12574 | 2 Londontrustmedia, Microsoft | 2 Private Internet Access Vpn Client, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM. | |||||