This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. (CVE-2021-44740, CVE-2021-44741) - Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. (CVE-2021-44708, CVE-2021-44709) - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file.
FOXIT PDF READER CODE
It is, therefore affected by multiple vulnerabilities: - Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user.
Synopsis A PDF viewer installed on the remote Windows host is affected by multiple vulnerabilities Description According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 11.2.1.
0 kommentar(er)
