Monthly Archive: June 2020

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a...

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the...

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or...

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the...

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. Date published : 2020-06-04 https://fortiguard.com/advisory/FG-IR-20-021

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500...