Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42414 | PUBLISHED: 2023-01-26
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsi...
CVE-2022-42415 | PUBLISHED: 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP...
CVE-2022-42416 | PUBLISHED: 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TI...
CVE-2022-42417 | PUBLISHED: 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TI...
CVE-2022-42418 | PUBLISHED: 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TI...
User Rank: Apprentice
1/26/2015 | 9:13:48 AM
We've been doing it since 2011 and for all programming languages; we are in a unique position to look at real data from a large number of commercial projects.
Our research shows that if managed properly - i.e., updated when new security vulnerabilities are disclosed or when new versions are available - 98% of the projects that contain faulty open source components would not contain them.
So the problem is not open source but how it is used.