CVEdetails.com the ultimate security vulnerability data source

Foxitsoftware : Security Vulnerabilities (CVSS score between 5 and 5.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-38569 674 2021-08-11 2021-08-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
2 CVE-2021-38567 2021-08-11 2021-08-16
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.
3 CVE-2021-38566 400 2021-08-11 2021-08-16
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.
4 CVE-2021-38565 2021-08-11 2021-08-16
5.0
None Remote Low Not required None Partial None
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm.
5 CVE-2020-13815 400 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
6 CVE-2020-13810 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
7 CVE-2020-13809 400 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
8 CVE-2020-13808 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
9 CVE-2020-13807 835 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
10 CVE-2020-13806 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
11 CVE-2020-13805 307 2020-06-04 2020-06-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
12 CVE-2020-13803 347 Bypass 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
13 CVE-2019-20837 347 Bypass 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
14 CVE-2019-20836 200 +Info 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
15 CVE-2019-20834 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
16 CVE-2019-20833 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
17 CVE-2019-20829 476 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
18 CVE-2019-20828 120 Overflow 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
19 CVE-2019-20826 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
20 CVE-2019-20824 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
21 CVE-2019-20823 120 Overflow 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
22 CVE-2019-20821 476 2020-06-04 2020-06-08
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.
23 CVE-2019-20820 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
24 CVE-2019-20819 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
25 CVE-2019-20818 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
26 CVE-2019-20817 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
27 CVE-2019-20816 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
28 CVE-2019-20815 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
29 CVE-2019-20814 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
30 CVE-2019-20813 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
31 CVE-2018-21240 400 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
32 CVE-2018-21239 522 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
33 CVE-2018-21238 400 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
34 CVE-2018-21237 522 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.
35 CVE-2018-21236 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
36 CVE-2018-21235 287 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.
37 CVE-2018-19348 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x000000000012dff5" issue.
38 CVE-2018-19347 125 DoS +Info 2018-11-17 2018-12-27
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11bb" issue.
39 CVE-2018-19346 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea" issue.
40 CVE-2018-19345 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at U3DBrowser!PlugInMain+0x0000000000053f8b" issue.
41 CVE-2018-19344 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from Faulting Address may be used as a return value starting at U3DBrowser!PlugInMain+0x0000000000031a75" issue.
42 CVE-2018-19343 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue.
43 CVE-2018-19342 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x000000000000347a" issue.
44 CVE-2018-19341 125 DoS +Info 2018-11-17 2018-12-18
5.8
None Remote Medium Not required Partial None Partial
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!std::basic_ostream >::operator<<+0x0000000000087906" issue.
45 CVE-2016-4061 20 DoS 2016-04-22 2016-11-28
5.0
None Remote Low Not required None None Partial
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
46 CVE-2016-4060 DoS 2016-04-22 2016-11-28
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
47 CVE-2015-3633 119 DoS Overflow Mem. Corr. 2015-05-01 2017-01-03
5.0
None Remote Low Not required None None Partial
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.
48 CVE-2014-6853 310 +Info 2014-10-01 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Total number of vulnerabilities: 48