CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-18688
https://notcve.org/view.php?id=CVE-2018-18688
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6853
https://notcve.org/view.php?id=CVE-2014-6853
01 Oct 2014 — The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Foxit MobilePDF - PDF Reader (también conocido como com.foxit.mobile.pdf.lite) 2.2.0.0616 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •