Vulnerabilities > Gonitro > Nitro PRO > 11.0.3.173
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2018-18689 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity avanquest foxitsoftware gonitro iskysoft pdf-xchange pdfforge qoppa sodapdf soft-xpansion tracker-software visagesoft CWE-347 | 5.3 |
| 2021-01-07 | CVE-2018-18688 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity code-industry foxitsoftware gonitro iskysoft libreoffice nuance qoppa soft-xpansion CWE-347 | 5.3 |
| 2020-03-08 | CVE-2020-10223 | Out-of-bounds Write vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | 8.1 |
| 2020-03-08 | CVE-2020-10222 | Unspecified vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | 8.1 |
| 2019-11-21 | CVE-2019-18958 | Incorrect Permission Assignment for Critical Resource vulnerability in Gonitro Nitro PRO Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. | 7.8 |
| 2017-08-03 | CVE-2017-7442 | Path Traversal vulnerability in Gonitro Nitro PRO 11.0.3.173 Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | 8.8 |