CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-40326
https://notcve.org/view.php?id=CVE-2021-40326
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, manejan inapropiadamente los datos ocultos e incrementales en los documentos firmados. Un atacante puede escribir en un archivo... • https://www.foxit.com/support/security-bulletins.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41780
https://notcve.org/view.php?id=CVE-2021-41780
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario porque JavaScript está manejado inapropiadamente • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41781
https://notcve.org/view.php?id=CVE-2021-41781
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario porque JavaScript está manejado inapropiadamente • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41782
https://notcve.org/view.php?id=CVE-2021-41782
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario porque JavaScript está manejado inapropiadamente • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41783
https://notcve.org/view.php?id=CVE-2021-41783
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario porque JavaScript está manejado inapropiadamente • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-41784
https://notcve.org/view.php?id=CVE-2021-41784
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario porque JavaScript está manejado inapropiadamente • https://github.com/Jeromeyoung/CVE-2021-41784 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41785
https://notcve.org/view.php?id=CVE-2021-41785
29 Aug 2022 — Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. Foxit PDF Reader versiones anteriores a 11.1 y PDF Editor versiones anteriores a 11.1, y PhantomPDF versiones anteriores a 10.1.6, permiten a atacantes desencadenar un uso de memoria previamente liberada y ejecutar código arbitrario debido a un manejo inapropiado de JavaScript • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25641
https://notcve.org/view.php?id=CVE-2022-25641
29 Aug 2022 — Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. Foxit PDF Reader versiones anteriores a 11.2.2 y PDF Editor versiones anteriores a 11.2.2, y PhantomPDF versiones anteriores a 10.1.8, manejan inapropiadamente la información de referencias cruzadas durante el aná... • https://www.foxit.com/support/security-bulletins.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27517
https://notcve.org/view.php?id=CVE-2021-27517
20 Jul 2021 — Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). Foxit PDF SDK For Web versiones hasta 7.5.0, permite un ataque de tipo XSS. Se presenta una ejecución de código JavaScript arbitrario en el navegador si una víctima carga un documento PDF malicioso conteniendo código JavaScript insertado que abusa de app.alert (en la ... • https://www.foxitsoftware.com/support/security-bulletins.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •