Total
8566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51611 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21836. | ||||
| CVE-2023-51609 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21834. | ||||
| CVE-2023-51607 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21829. | ||||
| CVE-2024-27333 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21976. | ||||
| CVE-2024-27334 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21978. | ||||
| CVE-2024-5510 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22019. | ||||
| CVE-2024-5511 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22020. | ||||
| CVE-2024-5512 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22021. | ||||
| CVE-2023-42100 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. . Was ZDI-CAN-21604. | ||||
| CVE-2023-44434 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21979. | ||||
| CVE-2023-44433 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 5.5 Medium |
| Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. . Was ZDI-CAN-21977. | ||||
| CVE-2023-51606 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21759. | ||||
| CVE-2023-53161 | 1 Sequoia-pgp | 1 Buffered-reader | 2025-08-06 | 2.9 Low |
| The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic. | ||||
| CVE-2023-53160 | 1 Sequoia-pgp | 1 Sequoia-openpgp | 2025-08-06 | 2.9 Low |
| The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic. | ||||
| CVE-2024-5307 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 3.3 Low |
| Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22933. | ||||
| CVE-2025-24497 | 1 F5 | 2 Big-ip, Big-ip Policy Enforcement Manager | 2025-08-06 | 7.5 High |
| When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-39180 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-08-06 | 4 Medium |
| A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. | ||||
| CVE-2023-39179 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-08-06 | 7.5 High |
| A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | ||||
| CVE-2023-39176 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-08-06 | 5.8 Medium |
| A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | ||||
| CVE-2025-46716 | 1 Sandboxie-plus | 1 Sandboxie | 2025-08-04 | 5.5 Medium |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue. | ||||