| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. For example, 14.41.1.4 and 14.42.0.34 have been reported as vulnerable. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Integer overflow or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network. |
| Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. |
| Missing authentication for critical function in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Improper access control in Windows BitLocker allows an authorized attacker to bypass a security feature locally. |
| Improper access control in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally. |