CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27517
https://notcve.org/view.php?id=CVE-2021-27517
20 Jul 2021 — Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). Foxit PDF SDK For Web versiones hasta 7.5.0, permite un ataque de tipo XSS. Se presenta una ejecución de código JavaScript arbitrario en el navegador si una víctima carga un documento PDF malicioso conteniendo código JavaScript insertado que abusa de app.alert (en la ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-31473 – Foxit Reader browseForDoc Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31473
11 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browseForDoc function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31456 – Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31456
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the c... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31457 – Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31457
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the c... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31458 – Foxit Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31458
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the c... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31459 – Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31459
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31460 – Foxit Reader XFA Template Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31460
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the cont... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31461 – Foxit Reader app.media Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31461
07 May 2021 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12248
https://notcve.org/view.php?id=CVE-2020-12248
04 Sep 2020 — In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. En Foxit Reader y PhantomPDF versiones anteriores a 10.0.1, y PhantomPDF versiones anteriores a 9.7.3, los atacantes pueden ejecutar código arbitrario por medio de un desbordamiento de búfer en la región heap de la memoria porque los datos de recursos de imágenes sucios son manejados inapropiadamente • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12247
https://notcve.org/view.php?id=CVE-2020-12247
04 Sep 2020 — In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. En Foxit Reader y PhantomPDF versiones anteriores a 10.0.1, y PhantomPDF versiones anteriores a 9.7.3, los atacantes pueden obtener información confidencial de una lectura fuera de límites porque es usado un índice de cadena de texto después de dividir ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •