Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by Nitro

    CVE-2026-44373 (GCVE-0-2026-44373)

    Vulnerability from nvd – Published: 2026-05-13 20:26 – Updated: 2026-05-14 13:16
    VLAI
    Title
    Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
    Summary
    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44373",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T13:12:25.544148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T13:16:50.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nitro",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.260429-beta"
                }
              ]
            },
            {
              "product": "nitropack",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.13.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T20:26:28.255Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4222",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4222"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4223",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4223"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
            }
          ],
          "source": {
            "advisory": "GHSA-5w89-w975-hf9q",
            "discovery": "UNKNOWN"
          },
          "title": "Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44373",
        "datePublished": "2026-05-13T20:26:28.255Z",
        "dateReserved": "2026-05-05T20:15:20.631Z",
        "dateUpdated": "2026-05-14T13:16:50.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44372 (GCVE-0-2026-44372)

    Vulnerability from nvd – Published: 2026-05-13 20:30 – Updated: 2026-05-14 15:47
    VLAI
    Title
    Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
    Summary
    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T15:46:57.649072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T15:47:06.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nitro",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.260429-beta"
                }
              ]
            },
            {
              "product": "nitropack",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.13.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T20:30:44.943Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4236",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4236"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
            }
          ],
          "source": {
            "advisory": "GHSA-9phm-9p8f-hw5m",
            "discovery": "UNKNOWN"
          },
          "title": "Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44372",
        "datePublished": "2026-05-13T20:30:44.943Z",
        "dateReserved": "2026-05-05T20:15:20.631Z",
        "dateUpdated": "2026-05-14T15:47:06.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2016-8713 (GCVE-0-2016-8713)

    Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:47.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0226/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8713",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8711 (GCVE-0-2016-8711)

    Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0224/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8711",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8709 (GCVE-0-2016-8709)

    Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:42.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0218/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8709",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-44372 (GCVE-0-2026-44372)

    Vulnerability from cvelistv5 – Published: 2026-05-13 20:30 – Updated: 2026-05-14 15:47
    VLAI
    Title
    Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
    Summary
    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T15:46:57.649072Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T15:47:06.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nitro",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.260429-beta"
                }
              ]
            },
            {
              "product": "nitropack",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.13.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T20:30:44.943Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4236",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4236"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
            }
          ],
          "source": {
            "advisory": "GHSA-9phm-9p8f-hw5m",
            "discovery": "UNKNOWN"
          },
          "title": "Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44372",
        "datePublished": "2026-05-13T20:30:44.943Z",
        "dateReserved": "2026-05-05T20:15:20.631Z",
        "dateUpdated": "2026-05-14T15:47:06.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44373 (GCVE-0-2026-44373)

    Vulnerability from cvelistv5 – Published: 2026-05-13 20:26 – Updated: 2026-05-14 13:16
    VLAI
    Title
    Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
    Summary
    Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44373",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T13:12:25.544148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T13:16:50.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nitro",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.260429-beta"
                }
              ]
            },
            {
              "product": "nitropack",
              "vendor": "nitrojs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.13.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T20:26:28.255Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4222",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4222"
            },
            {
              "name": "https://github.com/nitrojs/nitro/pull/4223",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/pull/4223"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
            },
            {
              "name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
            }
          ],
          "source": {
            "advisory": "GHSA-5w89-w975-hf9q",
            "discovery": "UNKNOWN"
          },
          "title": "Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44373",
        "datePublished": "2026-05-13T20:26:28.255Z",
        "dateReserved": "2026-05-05T20:15:20.631Z",
        "dateUpdated": "2026-05-14T13:16:50.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2016-8709 (GCVE-0-2016-8709)

    Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:42.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0218/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8709",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8711 (GCVE-0-2016-8711)

    Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:45.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8711",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0224/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8711",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8713 (GCVE-0-2016-8713)

    Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
    VLAI
    Summary
    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
    CWE
    • remote code error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Nitro Nitro Pro Affected: 10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version
    Create a notification for this product.
    Date Public
    2017-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:27:41.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nitro Pro",
              "vendor": "Nitro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                }
              ]
            }
          ],
          "datePublic": "2017-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code error",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T19:16:47.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "96155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2016-8713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Nitro Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Nitro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96155"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0226/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2016-8713",
        "datePublished": "2017-02-10T17:00:00.000Z",
        "dateReserved": "2016-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:27:41.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }