CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13814
https://notcve.org/view.php?id=CVE-2020-13814
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.1. Presenta un uso de la memoria previamente liberada por medio de un documento que carece de un diccionario • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13810
https://notcve.org/view.php?id=CVE-2020-13810
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Permite omitir la comprobación de firma por medio de un archivo modificado o un archivo con firmas no estándar • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13808
https://notcve.org/view.php?id=CVE-2020-13808
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Permite el consumo de recursos por medio de datos de flujo de referencia cruzada • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13809
https://notcve.org/view.php?id=CVE-2020-13809
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Permite el consumo de recursos por medio de largas cadenas en el flujo de contenido • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13807
https://notcve.org/view.php?id=CVE-2020-13807
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Presenta un manejo inapropiado de referencia circular que causa un bucle • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13806
https://notcve.org/view.php?id=CVE-2020-13806
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Presenta un uso de la memoria previamente liberada debido a una ejecución de JavaScript después de una operación de borrado o cierre • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13805
https://notcve.org/view.php?id=CVE-2020-13805
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Presenta un manejo inapropiado de un ataque de fuerza bruta porque el servicio CAS carece de un límite de fallos de inicio de sesión • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13804
https://notcve.org/view.php?id=CVE-2020-13804
04 Jun 2020 — An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. Se detectó un problema en Foxit Reader y PhantomPDF versiones anteriores a 9.7.2. Permite una divulgación de información de un nombre de usuario y contraseña embebidos en el plugin DocuSign • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-10890 – Foxit PhantomPDF ConvertToPDF Arbitrary File Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10890
16 Apr 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the ConvertToPDF command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the co... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-10892 – Foxit PhantomPDF CombineFiles Arbitrary File Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10892
16 Apr 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the CombineFiles command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the co... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-352: Cross-Site Request Forgery (CSRF) •