cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5510,https://securityvulnerability.io/vulnerability/CVE-2024-5510,Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability,"A vulnerability exists in Kofax Power PDF related to the parsing of JP2 files, allowing remote attackers to execute arbitrary code under certain conditions. This flaw is caused by inadequate validation of data supplied by users, leading to the potential for reading beyond the bounds of allocated memory. To exploit this vulnerability, users must interact with an attacker-crafted file or visit a malicious webpage, making it imperative for organizations utilizing Kofax Power PDF to implement security measures and apply relevant patches to mitigate risks associated with CVE-2024-5510.",Kofax,Power PDF,7.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-22T20:15:00.000Z,0
CVE-2024-5513,https://securityvulnerability.io/vulnerability/CVE-2024-5513,Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"The vulnerability associated with Kofax Power PDF involves a flaw in the parsing of JP2 files that allows a remote attacker to execute arbitrary code on affected installations. This flaw results from insufficient validation of user-supplied data, which may lead to an out-of-bounds write past the allocated buffer end. As a consequence, an attacker can exploit the vulnerability to execute code in the context of the current process, provided that a user visits a malicious webpage or opens a compromised file. Awareness of this issue and appropriate security measures are essential to mitigate risks.",Kofax,Power PDF,7.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2024-11-22T20:15:00.000Z,0
CVE-2024-5511,https://securityvulnerability.io/vulnerability/CVE-2024-5511,Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability,"The vulnerability in Kofax Power PDF arises from improper validation during the parsing of JP2 files, resulting in out-of-bounds read capabilities. This flaw permits remote attackers to execute arbitrary code on affected systems after enticing a user to open a malicious JP2 file or visit a compromised webpage. The exploitation occurs when user-supplied data leads to read operations that exceed allocated memory boundaries, allowing attackers to execute code with the permissions of the user's process.",Kofax,Power PDF,7.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-22T20:15:00.000Z,0
CVE-2024-30373,https://securityvulnerability.io/vulnerability/CVE-2024-30373,Remote Code Execution Vulnerability in Kofax Power PDF Due to JPF File Parsing,"A significant security flaw exists in Kofax Power PDF related to the parsing of JPF files, enabling remote attackers to manipulate data that leads to an out-of-bounds write condition. This vulnerability arises from inadequate validation of user-supplied input, which may permit writes beyond the allocated boundaries of memory objects. Successful exploitation necessitates user interaction, specifically requiring the victim to view a malicious webpage or open a malformed file. Once the flaw is exploited, an attacker can execute arbitrary code with the permissions of the affected application, potentially compromising the integrity and confidentiality of the user's system.",Kofax,Power PDF,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-06-06T18:20:51.497Z,0
CVE-2024-5307,https://securityvulnerability.io/vulnerability/CVE-2024-5307,Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22933.",Kofax,Power PDF,3.3,LOW,0.0005699999746866524,false,false,false,false,,false,false,2024-06-06T18:19:10.362Z,0
CVE-2024-5306,https://securityvulnerability.io/vulnerability/CVE-2024-5306,Remote Code Execution Vulnerability in Kofax Power PDF Allows Attackers to Execute Arbitrary Code,"A vulnerability in Kofax Power PDF allows remote attackers to execute arbitrary code by exploiting improper validation during PDF file parsing. This flaw arises due to inadequate checks on user-supplied data, leading to a memory corruption situation. Successful exploitation requires the victim to interact with a malicious webpage or open a compromised PDF file. This poses significant security risks for users of Kofax Power PDF as attackers can execute code within the context of the affected application, potentially leading to unauthorized access and control.",Kofax,Power PDF,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-06-06T18:18:54.144Z,0
CVE-2024-5305,https://securityvulnerability.io/vulnerability/CVE-2024-5305,Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability,"A vulnerability in Kofax Power PDF relates to the improper processing of PDF file content, leading to a stack-based buffer overflow. This flaw allows remote attackers to execute arbitrary code within the context of the affected application. The attack vector requires user interaction, as the recipient must either open a malicious PDF file or visit a harmful webpage containing the exploit. It is imperative for users and administrators to apply necessary security measures to mitigate the risks associated with this vulnerability.",Kofax,Power PDF,7.8,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2024-06-06T18:04:23.845Z,0
CVE-2024-5304,https://securityvulnerability.io/vulnerability/CVE-2024-5304,Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"A vulnerability in Kofax Power PDF allows remote code execution due to improper handling of TGA file parsing. The flaw arises from a lack of validation for user-supplied data, enabling attackers to write beyond the allocated buffer. Exploitation requires user interaction, necessitating that the target either visits a malicious website or opens a specially crafted file. Successful exploitation can result in arbitrary code execution within the context of the current process, posing significant risks to user security.",Kofax,Power PDF,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-06-06T18:04:00.432Z,0
CVE-2024-5303,https://securityvulnerability.io/vulnerability/CVE-2024-5303,Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"The vulnerability within Kofax Power PDF involves a flaw in the parsing of PSD files that can lead to an out-of-bounds write condition. This occurs due to inadequate validation of incoming data from users, specifically when processing malicious files. Attackers can exploit this vulnerability by enticing a user to open a specially crafted PSD file, resulting in potential arbitrary code execution within the context of the application. It is essential for users and organizations to remain vigilant and ensure that they apply necessary patches and updates to mitigate risks associated with this vulnerability.",Kofax,Power PDF,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-06-06T18:03:36.386Z,0
CVE-2024-5302,https://securityvulnerability.io/vulnerability/CVE-2024-5302,Remote Code Execution Vulnerability in Kofax Power PDF Due to PDF File Parsing,"The Kofax Power PDF software has a notable vulnerability related to the parsing of PDF files. This vulnerability arises from inadequate validation of user-supplied data, leading to an out-of-bounds write condition. Attackers can exploit this flaw by enticing users to open a crafted PDF file or visit a malicious web page. If successfully executed, the malicious code may run in the context of the current user process, potentially allowing unauthorized actions or system manipulation. It is imperative for users to remain vigilant and ensure that their installations of Kofax Power PDF are up-to-date, applying available security patches to mitigate this risk. Further details can be found in the advisory from the Zero Day Initiative.",Kofax,Power PDF,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-06-06T17:54:37.289Z,0
CVE-2024-5301,https://securityvulnerability.io/vulnerability/CVE-2024-5301,Heap-based Buffer Overflow Remote Code Execution Vulnerability in Kofax Power PDF,"A vulnerability exists in Kofax Power PDF that affects the parsing of PSD files, resulting in a heap-based buffer overflow. This flaw arises due to insufficient validation of user-supplied data lengths before copying them into a fixed-length heap-based buffer. When exploited, this vulnerability enables remote attackers to execute arbitrary code in the context of the affected process. Successful exploitation requires user interaction, where the target must visit a malicious webpage or open a crafted PSD file designed to exploit this weakness. Protecting against this vulnerability involves ensuring that users are educated about the risks of opening untrusted files and employing security measures to detect and block potential exploits.",Kofax,Power PDF,7.8,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2024-06-06T17:54:16.772Z,0
CVE-2023-51610,https://securityvulnerability.io/vulnerability/CVE-2023-51610,Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability,"Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21835.",Kofax,Power PDF,3.3,LOW,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51609,https://securityvulnerability.io/vulnerability/CVE-2023-51609,Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21834.",Kofax,Power PDF,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51608,https://securityvulnerability.io/vulnerability/CVE-2023-51608,Remote Code Execution Vulnerability in Kofax Power PDF Due to J2K File Parsing Memory Corruption,"A vulnerability has been identified in Kofax Power PDF pertaining to memory corruption during the parsing of J2K files. The flaw arises from inadequate validation of input data supplied by the user, creating a condition that may be exploited by malicious actors. To exploit the vulnerability, an attacker must entice a user into visiting a malicious webpage or opening a compromised file, which could lead to arbitrary code execution in the context of the running process. This issue highlights critical security considerations for users of Kofax Power PDF and emphasizes the importance of vigilance against untrusted sources.",Kofax,Power PDF,7.8,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51567,https://securityvulnerability.io/vulnerability/CVE-2023-51567,OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21988.",Kofax,Power PDF,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51568,https://securityvulnerability.io/vulnerability/CVE-2023-51568,Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure Vulnerability,"Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21990.",Kofax,Power PDF,3.3,LOW,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51607,https://securityvulnerability.io/vulnerability/CVE-2023-51607,Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21829.",Kofax,Power PDF,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51597,https://securityvulnerability.io/vulnerability/CVE-2023-51597,Remote Code Execution Vulnerability in Kofax Power PDF Due to U3D File Parsing,"A vulnerability in Kofax Power PDF related to U3D file parsing allows remote attackers to execute arbitrary code on affected installations. The flaw arises from inadequate validation of user-supplied data, enabling an out-of-bounds write that can occur when a user opens a specially crafted U3D file. Although user interaction is required, this vulnerability presents significant risks as it can allow an attacker to run code in the context of the current process, potentially compromising the integrity and confidentiality of the system.",Kofax,Power PDF,7.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51606,https://securityvulnerability.io/vulnerability/CVE-2023-51606,Remote Code Execution Vulnerability in Kofax Power PDF Due to U3D File Parsing,"A vulnerability exists in Kofax Power PDF related to the parsing of U3D files, which can lead to out-of-bounds read conditions. This flaw is a result of inadequate validation of user-supplied data, allowing attackers to potentially execute arbitrary code within the context of the application. Successful exploitation requires user interaction, as the target must navigate to a malicious page or open a compromised file. Security measures should be taken to mitigate the risks associated with this vulnerability, such as user education and ensuring that all software is kept up-to-date with the latest security patches.",Kofax,Power PDF,7.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51569,https://securityvulnerability.io/vulnerability/CVE-2023-51569,Remote Code Execution Vulnerability in Kofax Power PDF Due to BMP File Parsing,"A vulnerability in Kofax Power PDF allows remote attackers to execute arbitrary code on systems using affected versions of the software through an out-of-bounds write caused by improper validation of BMP file parsing. This vulnerability necessitates user interaction, as an attacker must entice the user to open a malicious BMP file or visit an attacker-controlled page containing such a file. If exploited, this flaw could enable an attacker to execute code within the context of the current user’s process, potentially compromising sensitive information and system integrity.",Kofax,Power PDF,7.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51612,https://securityvulnerability.io/vulnerability/CVE-2023-51612,Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability,"Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21837.",Kofax,Power PDF,3.3,LOW,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51565,https://securityvulnerability.io/vulnerability/CVE-2023-51565,Remote Code Execution Vulnerability in Kofax Power PDF,"A vulnerability exists in Kofax Power PDF related to the mishandling of XPS files, which can lead to remote code execution. The flaw stems from the failure to validate the existence of objects before performing operations on them. This enables attackers to exploit the vulnerability by enticing users into visiting malicious web pages or opening compromised files, thereby executing arbitrary code within the context of the current process. User interaction is necessary for this exploitation.",Kofax,Power PDF,7.8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51564,https://securityvulnerability.io/vulnerability/CVE-2023-51564,PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21606.",Kofax,Power PDF,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51611,https://securityvulnerability.io/vulnerability/CVE-2023-51611,Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21836.",Kofax,Power PDF,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-51566,https://securityvulnerability.io/vulnerability/CVE-2023-51566,Remote Code Execution Vulnerability in Kofax Power PDF Due to OXPS File Parsing Stack-Based Buffer Overflow,"A stack-based buffer overflow vulnerability exists in the OXPS file parsing feature of Kofax Power PDF. By failing to adequately validate the length of user-supplied data before copying it to a fixed-length stack-based buffer, the software allows remote attackers to exploit this flaw. Exploitation requires user interaction, as the target needs to open a malicious OXPS file or visit a web page that triggers the vulnerability. If successfully executed, the attacker can run arbitrary code within the context of the affected process, posing significant risks to system integrity and confidentiality. Users are advised to remain cautious about file sources and consider applying security updates to mitigate potential threats.",Kofax,Power PDF,7.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0