Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8844 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102.
CVE-2018-13211 1 Mytokenshr Project 1 Mytokenshr 2020-02-18 5.0 MEDIUM 7.5 HIGH
The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
CVE-2020-8850 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9415.
CVE-2020-8851 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9406.
CVE-2020-8848 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9407.
CVE-2020-8852 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416.
CVE-2020-8853 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9591.
CVE-2020-8854 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606.
CVE-2020-8855 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560.
CVE-2020-8857 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862.
CVE-2020-8849 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2020-02-18 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9413.
CVE-2020-0018 1 Google 1 Android 2020-02-18 2.1 LOW 4.4 MEDIUM
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
CVE-2020-0021 1 Google 1 Android 2020-02-18 6.8 MEDIUM 6.5 MEDIUM
In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141413692
CVE-2020-0005 1 Google 1 Android 2020-02-18 7.2 HIGH 6.7 MEDIUM
In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859
CVE-2012-2412 2020-02-17 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4531. Reason: This candidate is a duplicate of CVE-2012-4531. Notes: All CVE users should reference CVE-2012-4531 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2020-8549 1 Machothemes 1 Strong Testimonials 2020-02-17 4.3 MEDIUM 6.1 MEDIUM
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
CVE-2014-9404 2020-02-17 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5005. Reason: This candidate is a reservation duplicate of CVE-2014-5005. Notes: All CVE users should reference CVE-2014-5005 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2015-1396 2 Debian, Gnu 2 Debian Linux, Patch 2020-02-17 6.4 MEDIUM 7.5 HIGH
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
CVE-2013-4448 2020-02-17 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5111. Reason: This candidate is a duplicate of CVE-2010-5111. Notes: All CVE users should reference CVE-2010-5111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2015-1387 2020-02-17 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1454. Reason: This candidate is a reservation duplicate of CVE-2015-1454. Notes: All CVE users should reference CVE-2015-1454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2012-6590 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.3 MEDIUM N/A
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
CVE-2012-6591 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
CVE-2012-6592 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH N/A
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
CVE-2012-6593 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH N/A
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
CVE-2012-6594 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.
CVE-2012-6595 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.
CVE-2012-6596 1 Paloaltonetworks 1 Pan-os 2020-02-17 5.0 MEDIUM N/A
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.
CVE-2012-6597 1 Paloaltonetworks 1 Pan-os 2020-02-17 6.3 MEDIUM N/A
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
CVE-2012-6598 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.
CVE-2012-6599 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
CVE-2012-6600 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
CVE-2012-6601 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
CVE-2012-6602 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
CVE-2012-6603 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH N/A
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
CVE-2012-6604 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.
CVE-2012-6605 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.
CVE-2012-6606 1 Paloaltonetworks 2 Globalprotect, Netconnect 2020-02-17 5.8 MEDIUM N/A
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate.
CVE-2013-5664 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
CVE-2014-3764 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
CVE-2016-1712 1 Paloaltonetworks 1 Pan-os 2020-02-17 7.2 HIGH 7.8 HIGH
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
CVE-2016-2219 1 Paloaltonetworks 1 Pan-os 2020-02-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3654 1 Paloaltonetworks 1 Pan-os 2020-02-17 9.0 HIGH 7.2 HIGH
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter.
CVE-2016-3655 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH 9.8 CRITICAL
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
CVE-2016-3656 1 Paloaltonetworks 1 Pan-os 2020-02-17 5.0 MEDIUM 7.5 HIGH
The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service crash) via a crafted request.
CVE-2016-3657 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
CVE-2016-9149 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.0 MEDIUM 6.5 MEDIUM
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
CVE-2016-9150 1 Paloaltonetworks 1 Pan-os 2020-02-17 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-9151 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.6 MEDIUM 7.8 HIGH
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
CVE-2017-12416 1 Paloaltonetworks 1 Pan-os 2020-02-17 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
CVE-2017-15870 1 Paloaltonetworks 1 Globalprotect 2020-02-17 7.2 HIGH 6.7 MEDIUM
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."