2224 matches found
Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability
Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the “sync” operation, leading to arbitrary deleti...
Adobe Acrobat Reader DC AcroForm PDFDocEncoding Remote Code Execution Vulnerability
Summary An exploitable case of parser confusion can lead to invalid pointer arithmetic in part of code responsible for parsing AcroForm forms in the Adobe Acrobat Reader DC 2017.009.20044. A specially crafted PDF file can abuse this unchecked pointer arithmetic to access and overwrite arbitrary...
ZTE MF971R Referer authentication bypass vulnerability
Summary An exploitable Referer mitigation bypass vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can bypass Referer-based mitigation. An attacker needs to provide a URL to the victim to trigger the vulnerability. Teste...
OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page
Summary Multiple exploitable SQL injection vulnerabilities exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
OS4Ed openSIS DownloadWindow.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS Modules.php remote code execution vulnerability
Summary A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
E2fsprogs quotaio_tree.c report_tree() code execution vulnerability
Summary An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Tested...
Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW signed comparison code execution vulnerability
Summary An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provid...
CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities
Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum’s JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...
CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
Foscam IP Video Camera CGIProxy.fcgi NTP Server Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration...
Foscam IP Video Camera CGIProxy.fcgi Message 0x3001 Multi-part Form Boundary Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
CODESYS Development System ObjectManager.plugin Project.get_MissingTypes() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.getMissingTypes functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...
Webkit ImageDecoderGStreamer use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Tested...
Microsoft Azure Sphere Pluton SIGN_WITH_TENANT_ATTESTATION_KEY memory corruption vulnerability
Talos Vulnerability Report TALOS-2020-1139 Microsoft Azure Sphere Pluton SIGNWITHTENANTATTESTATIONKEY memory corruption vulnerability September 23, 2020 CVE Number None SUMMARY A memory corruption vulnerability exists in the Pluton SIGNWITHTENANTATTESTATIONKEY functionality of Microsoft Azure...
Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1130 Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability September 23, 2020 CVE Number None SUMMARY An information disclosure vulnerability exists in the Littlefs filesystem functionality of Microsoft Azure Sphere 20.06. A specially...
WAGO PFC200 iocheckd service "I/O-Check" MAC Address overwrite Denial of Service Vulnerability
WAGO PFC200 iocheckd service “I/O-Check” MAC Address overwrite Denial of Service Vulnerability Summary An exploitable denial-of-service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a denial of service, resulti...
Atlassian Jira Issue Key Information Disclosure Vulnerability
Summary An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the /rest/api/1.0/render API endpoint. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira 8.1.0...
AutoDesk AutoCAD 2019 DXF-parsing code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file can cause a heap overflow, resulting in code execution. An attacker must convince a victim to open a malicious document in order to trigger th...
WIBU-SYSTEMS WibuKey.sys 0x8200E804 pool corruption privilege escalation vulnerability
Summary An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation...
Open Fire User Import Export Plugin XML External Entity Injection
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
Network Time Protocol Origin Timestamp Check Impersonation Vulnerability
CERT VU357792 Summary To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in an incoming packet matches the transmit timestamp it transmitted in its last request. A logic error exists that allows packets with...
Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1776 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability September 5, 2023 CVE Number CVE-2023-34353 SUMMARY An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
Apple Safari FontFaceSet Remote Code Execution Vulnerability
Summary A type confusion vulnerability exists in the Fonts feature of Apple Safari version 13.0.3. A specially crafted HTML web page can cause a type confusion, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web pag...
WAGO PFC200 iocheckd service "I/O-Check" ReadPCBManuNum remote code execution vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger...
Shimo VPN Helper Tool disconnectService denial-of-service vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. Teste...
ACD Systems Canvas Draw 5 huff table out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Foscam IP Video Camera CGIProxy.fcgi Query Append Buffer Overflow Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
Artifex MuPDf JBIG2 Parser Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the...
Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities
Talos Vulnerability Report TALOS-2024-1931 Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities February 20, 2024 CVE Number CVE-2024-24793,CVE-2024-24794 SUMMARY A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imagi...
Open Automation Software OAS Platform OAS Engine configuration management improper resource allocation vulnerability
Talos Vulnerability Report TALOS-2023-1773 Open Automation Software OAS Platform OAS Engine configuration management improper resource allocation vulnerability September 5, 2023 CVE Number CVE-2023-34994 SUMMARY An improper resource allocation vulnerability exists in the OAS Engine configuration...
EIP Stack Group OpENer GetAttributeList attribute_count_request out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1661 EIP Stack Group OpENer GetAttributeList attributecountrequest out-of-bounds write vulnerability February 23, 2023 CVE Number CVE-2022-43604 SUMMARY An out-of-bounds write vulnerability exists in the GetAttributeList attributecountrequest functionality of...
Lantronix PremierWave 2050 Web Manager FsBrowseClean directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability...
tinyobjloader LoadObj improper array index validation vulnerability
Summary An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Teste...
CODESYS Development System ComponentModel ComponentManager.StartupCultureSettings Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious fi...
NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
WAGO PFC200 Cloud Connectivity TimeoutPrepared Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version...
GOG Galaxy service insecure file permissions local privilege elevation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with...
Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Remote Code Execution Vulnerability
Summary An exploitable type confusion vulnerability exists in code responsible for parsing PDF documents with marked structure elements of Adobe Acrobat Reader DC 2017.009.20044. A specially crafted PDF file can trigger an out of bounds access on the heap potentially leading to arbitrary code...
Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability
Talos Vulnerability Report TALOS-2017-2818 Poppler PDF Image Display DCTStream::readProgressiveSOF Code Execution Vulnerability July 7, 2017 CVE Number CVE-2017-0319 Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically...
FreshTomato httpd unescape memory corruption vulnerability
Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...
Open Automation Software Platform Engine SecureTransferFiles file write vulnerability
Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Test...
Accusoft ImageGear TIFF tifread code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to...
Lexmark LibISYSpdf Image Rendering DCTStream::getBlock() Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack....
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0093 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability May 10, 2016 CVE Number CVE-2016-2334 DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of...
Pidgin libpurple Gadu Gadu HTTP Content-Length Integer Overflow Vulnerability
Talos Vulnerability Report VRT-2013-1001 Pidgin libpurple Gadu Gadu HTTP Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6487 Description An exploitable remote code execution vulnerability exists in Pidgin’’s implementation of the Gadu Gadu protocol in the...
Open Automation Software OAS Platform OAS Engine User Creation improper input validation vulnerability
Talos Vulnerability Report TALOS-2023-1772 Open Automation Software OAS Platform OAS Engine User Creation improper input validation vulnerability September 5, 2023 CVE Number CVE-2023-34317 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Creation functionality of...