Advisories

2024

• CVE-2024-41922: Veertu Anka Build registry log files directory traversal vulnerability
• CVE-2024-39755: Veertu Anka Build node agent update privilege escalation vulnerability
• CVE-2024-41163: Veertu Anka Build registry archive files directory traversal vulnerability
• CVE-2024-47810: Foxit Reader 3D Page Object Use-After-Free Vulnerability
• CVE-2024-49576: Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability
• CVE-2024-49534: Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability
• CVE-2024-49532: Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability
• CVE-2024-49533: Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability
• CVE-2024-39420: Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability
• CVE-2024-41832: Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability
• CVE-2024-41835: Adobe Acrobat Reader Font Packed Point Numbers Out-Of-Bounds Read Vulnerability
• CVE-2024-41830: Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability
• CVE-2024-28888: Foxit Reader checkbox Calculate use-after-free vulnerability
• CVE-2024-29072: Foxit Reader Updater improper certificate validation privilege escalation vulnerability
• CVE-2024-25938: Foxit Reader Barcode widget Calculate event use-after-free vulnerability
• CVE-2024-25575: Foxit Reader Lock object fields property type confusion vulnerability
• CVE-2024-25648: Foxit Reader ComboBox widget Format event use-after-free vulnerability
• CVE-2024-30312: Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
• CVE-2024-30311: Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability
• CVE-2024-20735: Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
• CVE-2024-20729: Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability
• CVE-2024-20747: Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability
• CVE-2024-20730: Adobe Acrobat Reader Font CPAL integer overflow vulnerability
• CVE-2024-20731: Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability
• CVE-2024-20749: Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability
• CVE-2024-20748: Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability

2023

• CVE-2023-47618: TP-Link ER7206 Omada Gigabit VPN Router uhttpd web filtering Command injection Vulnerability
• CVE-2023-42664: TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability
• CVE-2023-47617: TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability
• CVE-2023-47167: TP-Link ER7206 Omada Gigabit VPN Router uhttpd GRE command injection vulnerability
• CVE-2023-43482: TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability
• CVE-2023-36498: TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability
• CVE-2023-46683: TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability
• CVE-2023-47209: TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability
• CVE-2023-44372: Adobe Acrobat Reader U3D page event use-after-free vulnerability
• CVE-2023-41257: Foxit Reader field value property type confusion vulnerability
• CVE-2023-32616: Foxit Reader 3D Annot use-after-free vulnerability
• CVE-2023-35985: Foxit Reader Javascript exportDataObject HTA file creation vulnerability
• CVE-2023-40194: Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability
• CVE-2023-39542: Foxit Reader Javascript saveAs arbitrary file creation vulnerability
• CVE-2023-38573: Foxit Reader signature field OnBlur event use-after-free vulnerability
• CVE-2023-32664: Foxit Reader checkThisBox type confusion vulnerability
• CVE-2023-33866: Foxit Reader Field OnBlur event use-after-free vulnerability
• CVE-2023-27379: Foxit Reader Field Calculate event use-after-free vulnerability

2022

• CVE-2015-3269: Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability

2021

• CVE-2021-34536: Microsoft Windows storport Integer Overflow Privilege Escalation Vulnerability
• CVE-2021-35234: SolarWinds Network Performance Monitor TextToSpeech Exposed Dangerous Function Privilege Escalation Vulnerability
• CVE-2021-35234: SolarWinds Network Performance Monitor CustomProperty Exposed Dangerous Function Privilege Escalation Vulnerability
• CVE-2021-34997: Commvault CommCell AppStudioUploadHandler Arbitrary File Upload Remote Code Execution Vulnerability
• CVE-2021-35234: Oracle Business Intelligence UploadFndDBCPage Arbitrary File Upload Remote Code Execution Vulnerability

2020

• CVE-2020-3987: VMware Workstation ThinPrint EMR_STRETCHDIBITS Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2020-3986: VMware Workstation ThinPrint EMF Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2020-16846: SaltStack Salt rest_cherrypy tgt Command Injection Remote Code Execution Vulnerability
• CVE-2020-4241: IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability
• CVE-2020-4240: IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability
• CVE-2020-4214: IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability
• CVE-2020-4212: IBM Spectrum Protect Plus hfpackage Command Injection Remote Code Execution Vulnerability
• CVE-2020-4210: IBM Spectrum Protect Plus changeAdministratorPassword Command Injection Remote Code Execution Vulnerability
• CVE-2020-4209: IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability
• CVE-2020-4208: IBM Spectrum Protect Plus serveradmin Authentication Bypass Vulnerability
• CVE-2020-5829: Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2020-5828: Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2020-16245: Advantech iView NetworkServlet findUpdateDeviceListExport Directory Traversal Remote Code Execution Vulnerability, ZDI-20-1088, ZDI-20-1085, ZDI-20-1089

2019

• CVE-2019-0961: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2019-1010: Microsoft Windows gdiplus EMR_CREATEDIBPATTERNBRUSHPT Out-Of-Bounds Read Information Disclosure Vulnerability
• CVE-2019-2827: Oracle WebLogic DeploymentService Directory Traversal Remote Code Execution Vulnerability

2018

• CVE-2018-15946: Adobe Acrobat ImageConversion EMF EmfPlusDrawBeziers Out-Of-Bounds Read Vulnerability
• CVE-2018-12842: Adobe Acrobat ImageConversion EMF EmfPlusDrawDriverstring Integer Overflow Remote Code Execution Vulnerability
• CVE-2018-17683: Foxit Reader Doc createIcon Use-After-Free Remote Code Execution Vulnerability
• CVE-2018-17682: Foxit Reader Annotation delay Use-After-Free Remote Code Execution Vulnerability
• CVE-2018-17634: Foxit Reader Annotation attachIcon Use-After-Free Remote Code Execution Vulnerability
• CVE-2018-17633: Foxit Reader Annotation subject Use-After-Free Remote Code Execution Vulnerability
• CVE-2018-3147: Oracle Outside In vsxl5 GelFrame Record Out-Of-Bounds Read Information Disclosure Vulnerability