Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

qpopper

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

305

CISA CVEs -

0

NVD CVEs -

16
Related CVEsRelated VendorsRelated AssignersReports
320Vulnerabilities found
CVE-2021-22508
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.2||HIGH
EPSS-0.15% / 36.22%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 18:32
Updated-15 Aug, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential SQL injection in OpenText Operations Bridge Reporter

A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.

Action-Not Available
Vendor-Micro Focus International LimitedOpen Text Corporation
Product-Operations Bridge Reporteroperations_bridge_reporter
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33146
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.39%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_adapterethernet_controller_i225_manageability_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33145
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-25 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_adapterethernet_controller_i225_manageability_firmware
CWE ID-CWE-248
Uncaught Exception
CVE-2021-33161
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_controller_i225_manageability_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33141
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-8.6||HIGH
EPSS-0.13% / 33.45%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmwareethernet_adapterethernet_controller_i225_manageability_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2020-26312
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.21% / 42.79%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 20:22
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHSL-2020-254: Arbitrary file read and/or write in dotmesh

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. The routine `untarFile` attempts to guard against creating symbolic links that point outside the directory a tar archive is extracted to. However, a malicious tarball first linking `subdir/parent` to `..` (allowed, because `subdir/..` falls within the archive root) and then linking `subdir/parent/escapes` to `..` results in a symbolic link pointing to the tarball’s parent directory, contrary to the routine’s goals. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files the parent process has permissions to read. As of time of publication, no patch for this issue is available.

Action-Not Available
Vendor-dotmesh-iodotmesh-io
Product-dotmeshdotmesh
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22280
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.2||HIGH
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 19:36
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in Automation Studio

Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-Automation Studioautomation_studio
CWE ID-CWE-20
Improper Input Validation
CVE-2020-18305
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.34% / 55.72%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 15:43
Updated-11 Jun, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Action-Not Available
Vendor-extremenetworksn/aextremenetworks
Product-extremexosn/aexos
CWE ID-CWE-287
Improper Authentication
CVE-2021-35002
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-5.42% / 89.77%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-10 Apr, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.

Action-Not Available
Vendor-bmcBMCbmc
Product-track-it\!Track-It!track-it\!
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-35001
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.1||LOW
EPSS-0.36% / 57.16%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-11 Apr, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.

Action-Not Available
Vendor-bmcBMCbmc
Product-track-it\!Track-It!track-it\!
CWE ID-CWE-862
Missing Authorization
CVE-2021-34999
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.8||LOW
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540.

Action-Not Available
Vendor-OpenBSD
Product-openbsdKernelopenbsd
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-34982
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.18% / 88.25%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6120r7000p_firmwarerax35v2v6510-1fxaus_firmwarerax45_firmwarerax15_firmwarev6510-1fxausex3700r7000pex7000_firmwarer8000_firmwareex6120_firmwarems80rax38v2_firmwared7000v2rax48_firmwarer6400_firmwarerax80r6400v2rax50srax35v2_firmwarer6700v3ex6130_firmwarer7000_firmwarers400r7850_firmwarer8300_firmwaredgn2200v4rax15d6220_firmwarerax200_firmwarer7850ex3800_firmwaremr80_firmwarers400_firmwarerax20_firmwarer8000p_firmwarerax40v2_firmwarer6900p_firmwarer7100lg_firmwared6400_firmwarerax43r7900plax20_firmwarewndr3400v3_firmwarexr300_firmwarer6900pex3700_firmwarerax20rax42_firmwareraxe450mr60raxe500_firmwaremr60_firmwarerax50dgn2200v4_firmwarexr300dc112alax20r7100lgms80_firmwarer6400v2_firmwarerax43_firmwarerax45rax75rax75_firmwarerax48rax50s_firmwarerax40v2ex7500_firmwared7000v2_firmwarerax200wnr3500lv2_firmwarer6700v3_firmwarems60ms60_firmwarer7900p_firmwarer6400rax80_firmwarexr1000r7000r8000wnr3500lv2rax50_firmwareex7500ex7000ex6130r7960p_firmwarer7960pmr80ex3800wndr3400v3raxe450_firmwarer8000pr8500rax38v2raxe500r8300d6400rax42r8500_firmwarexr1000_firmwared6220dc112a_firmwareMultiple Routersmultiple_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34981
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.24%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernelkernel
CWE ID-CWE-415
Double Free
CVE-2021-34976
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.61% / 68.85%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-15 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34975
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-08 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34974
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34973
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.61% / 68.85%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34972
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.54% / 66.51%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34971
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerphantompdfpdf_editorpdf_reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-34970
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability

Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-34969
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.54% / 66.51%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34968
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34967
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34966
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34965
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34964
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34963
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34962
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34961
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34960
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34959
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34958
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34957
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34956
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34955
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdf
CWE ID-CWE-416
Use After Free
CVE-2021-34954
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34953
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.71% / 85.35%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2021-34952
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34951
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.51% / 65.46%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-07 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability

Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-windowspdf_editorpdf_readerPDF Readerphantompdfpdf_editorpdf_reader
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2021-34950
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.73% / 81.68%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_editorpdf_reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34949
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-0.34% / 56.11%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34948
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34947
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.66%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6200rbs40_firmwarer6700axd7800_firmwarer9000_firmwarerbs50_firmwarerbs10_firmwarerbs40rax78_firmwareex6420_firmwareex6250ex8000_firmwarerax120_firmwarer7800_firmwarerax120r8900_firmwareex7320ex6100_firmwarelbr20_firmwarexr450_firmwarerax10_firmwareex7300v2_firmwarerax120v2ex7700_firmwarerax70rbs20ex7300_firmwarewnr2000v5_firmwared7800rbr10_firmwareex6150ex6400v2lbr1020ex7300v2rbs50ex6410_firmwarerax10ex6100ex7320_firmwareex6410r6700ax_firmwarerbr50_firmwarexr500_firmwareex6400v2_firmwareex7700rbs50yrbr40_firmwarexr450rbr40rbs20_firmwarexr700_firmwarer9000ex2700xr500xr700lbr20rbs10ex6400_firmwarerbr20rbr20_firmwareex6500v1ex8000ex6250_firmwarewn3000rpv2_firmwareex6420rbr50rax120v2_firmwareex2700_firmwareex6500v1_firmwarerbs50y_firmwarewnr2000v5ex7300ex6400rbr10r7800lbr1020_firmwarewn3000rpv2ex6150_firmwarerax70_firmwarer8900rax78ex6200_firmwareR7800r7800
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20451
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 18:16
Updated-07 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller SQL injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-20556
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 17:31
Updated-07 Jan, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-19751
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.09% / 26.91%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-28 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io.

Action-Not Available
Vendor-n/aeasymine
Product-n/aeasymine
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2019-19752
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated plans to fix this in the next image build.

Action-Not Available
Vendor-n/afullzero
Product-n/anvoc
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2019-19755
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-25 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this.

Action-Not Available
Vendor-n/aethos
Product-n/aethos
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-19753
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4.

Action-Not Available
Vendor-n/astupidthings.net
Product-n/asimpleminingos
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2020-27478
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-1.04% / 76.61%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code via a crafted script to the search bar feature.

Action-Not Available
Vendor-n/asimplcommerce
Product-n/asimplcommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next