VYPR

Vendor CVEs

Kofax

All CVEs

111 total · sorted by risk
  • CVE-2024-27334MedApr 2, 2024
    risk 0.36cvss 5.5epss 0.00

    Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-27333MedApr 1, 2024
    risk 0.36cvss 5.5epss 0.00

    Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that…

  • CVE-2023-5118MedJan 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the…

  • CVE-2018-17288MedApr 18, 2019
    risk 0.35cvss 5.4epss 0.01

    Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in…

  • CVE-2018-17287MedApr 18, 2019
    risk 0.32cvss 4.9epss 0.00

    In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue…

  • CVE-2024-12548LowFeb 11, 2025
    risk 0.21cvss 3.3epss 0.00

    Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit…

  • CVE-2024-5307LowJun 6, 2024
    risk 0.21cvss 3.3epss 0.00

    Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in…

  • CVE-2023-51612LowMay 3, 2024
    risk 0.21cvss 3.3epss 0.01

    Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the…

  • CVE-2023-51568LowMay 3, 2024
    risk 0.21cvss 3.3epss 0.01

    Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-27345LowApr 3, 2024
    risk 0.21cvss 3.3epss 0.00

    Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that…

  • CVE-2011-5294Jan 1, 2015
    risk 0.00cvss epss 0.01

    The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument.

Page 3 of 3