a-pdf vulnerabilities and exploits
5.5
CVSSv3
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave applicatio...
Openapi-generator Openapi Generator
NA
CVE-2021-21056
Adobe Framemaker version 2020.0.1 (and previous versions) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user...
Adobe Framemaker
1 Article
6.5
CVSSv3
CVE-2020-29075
Acrobat Reader DC versions 2020.013.20066 (and previous versions), 2020.001.30010 (and previous versions) and 2017.011.30180 (and previous versions) are affected by an information exposure vulnerability, that could enable a malicious user to get a DNS interaction and track if th...
Adobe Acrobat
Adobe Acrobat Dc
Adobe Acrobat Reader
Adobe Acrobat Reader Dc
7.8
CVSSv3
CVE-2020-29599
ImageMagick prior to 6.9.11-40 and 7.x prior to 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shel...
Imagemagick Imagemagick
Debian Debian Linux 9.0
2 Github repositories
7.8
CVSSv3
CVE-2020-6113
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order ...
Gonitro Nitro Pro 13.16.2.300
Gonitro Nitro Pro 13.13.2.242
7.8
CVSSv3
CVE-2020-6112
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stri...
Gonitro Nitro Pro 13.16.2.300
Gonitro Nitro Pro 13.13.2.242
5.4
CVSSv3
CVE-2020-12646
OX App Suite 7.10.3 and previous versions allow XSS via text/x-javascript, text/rdf, or a PDF document.
Open-xchange Open-xchange Appsuite
7.8
CVSSv3
CVE-2020-7374
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code ex...
Documalis Free Pdf Editor 5.7.2.26
Documalis Free Pdf Scanner 5.7.2.122
9.8
CVSSv3
CVE-2018-21244
An issue exists in Foxit PhantomPDF prior to 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
Foxitsoftware Phantompdf
6.1
CVSSv3
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. Thi...
Cybelesoft Thinfinity Virtualui