Vulnerabilities > Gonitro > Nitro PRO > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-18 CVE-2020-6092 Integer Overflow or Wraparound vulnerability in Gonitro Nitro PRO 13.9.1.155
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects.
network
gonitro CWE-190
6.8
2020-05-18 CVE-2020-6074 Use After Free vulnerability in Gonitro Nitro PRO 13.9.1.155
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155.
network
gonitro CWE-416
6.8
2020-03-08 CVE-2020-10223 Out-of-bounds Write vulnerability in Gonitro Nitro PRO
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.
network
gonitro CWE-787
5.8
2020-03-08 CVE-2020-10222 Out-of-bounds Write vulnerability in Gonitro Nitro PRO
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.
network
gonitro CWE-787
5.8
2019-11-21 CVE-2019-18958 Improper Input Validation vulnerability in Gonitro Nitro PRO
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner.
local
low complexity
gonitro CWE-20
4.6
2017-08-03 CVE-2017-7442 Path Traversal vulnerability in Gonitro Nitro PRO 11.0.3.173
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
network
gonitro CWE-22
6.8
2017-07-07 CVE-2017-7950 Improper Input Validation vulnerability in Gonitro Nitro PRO
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
network
gonitro CWE-20
4.3