Total
12880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51597 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21755. | ||||
| CVE-2023-37345 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20442. | ||||
| CVE-2023-37346 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20443. | ||||
| CVE-2023-37331 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF GIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20373. | ||||
| CVE-2023-37334 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20390. | ||||
| CVE-2024-5513 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22044. | ||||
| CVE-2023-42127 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21585. | ||||
| CVE-2023-44432 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21584. | ||||
| CVE-2023-38087 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF clearTimeOut Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of app objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20560. | ||||
| CVE-2023-38089 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | N/A |
| Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of app objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20567. | ||||
| CVE-2024-5301 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 7.8 High |
| Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917. | ||||
| CVE-2024-5302 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 7.8 High |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918. | ||||
| CVE-2024-5303 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 7.8 High |
| Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22919. | ||||
| CVE-2024-5304 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | 7.8 High |
| Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22920. | ||||
| CVE-2024-58264 | 1 Cosmwasm | 2 Serde-json-wasm, Serde Json Wasm | 2025-08-06 | 3.2 Low |
| The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data. | ||||
| CVE-2025-41431 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-08-06 | 7.5 High |
| When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-10397 | 1 Openafs | 1 Openafs | 2025-08-05 | 7.8 High |
| A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. | ||||
| CVE-2024-4853 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-08-05 | 3.6 Low |
| Memory handling issue in editcap could cause denial of service via crafted capture file | ||||
| CVE-2024-45183 | 1 Samsung | 7 Exynos 1280, Exynos 1330, Exynos 1380 and 4 more | 2025-08-05 | 6.5 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write. | ||||
| CVE-2023-4042 | 2 Artifex, Redhat | 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more | 2025-08-05 | 5.5 Medium |
| A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | ||||