2224 matches found
Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1770 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability September 5, 2023 CVE Number CVE-2023-34998 SUMMARY An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platfor...
Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability
Talos Vulnerability Report TALOS-2021-1259 Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability October 12, 2021 CVE Number CVE-2021-40474 Details Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-users. It...
Webkit WebSocket code execution vulnerability
Summary A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
GOG Galaxy Games privileged helper denial-of-service vulnerability
Summary An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. Tested Versions Gog...
Foxit PDF Reader Javascript MailForm Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to tri...
Allen Bradley Micrologix 1400 Series B Ladder Logic Program Download Device Fault Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to...
Buildroot package hash checking data integrity vulnerabilities
Talos Vulnerability Report TALOS-2023-1844 Buildroot package hash checking data integrity vulnerabilities December 5, 2023 CVE Number CVE-2023-45841,CVE-2023-45842,CVE-2023-45838,CVE-2023-45839,CVE-2023-45840 SUMMARY Multiple data integrity vulnerabilities exist in the package hash checking...
InHand Networks InRouter302 libnvram.so nvram_import improper input validation vulnerabilities
Summary Multiple improper input validation vulnerabilities exists in the libnvram.so nvramimport functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...
Sytech XL reporter installation privilege escalation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the...
OS4Ed openSIS install remote code execution vulnerability
Summary A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. A specially crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.4 Product URLs...
OS4Ed openSIS GetSchool.php SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability
Summary An exploitable information exposure vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker...
WAGO PFC200 iocheckd service "I/O-Check" Erase Denial of Service Vulnerability
WAGO PFC200 iocheckd service “I/O-Check” Erase Denial of Service Vulnerability Summary An exploitable denial of service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a denial of service, resulting in the device...
LEADTOOLS CMP-parsing code execution vulnerability
Summary An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
GOG Galaxy Games createFolderAtPath privilege escalation vulnerability
Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories...
ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities
Summary Multiple exploitable SQL Injection vulnerabilities exists in ProcessMarker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,...
Libgraphite LocaLookup Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0061 Libgraphite LocaLookup Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1521 Description An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds re...
NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg DCL_CONSTANT_BUFFER code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg DCLCONSTANTBUFFER functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...
OS4Ed openSIS Validator.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Produc...
GNU glibc ARMv7 memcpy() memory corruption vulnerability
Summary An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker...
Accusoft ImageGear BMP code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to...
Schneider Electric Modicon M580 Mismatched Firmware Image FTP Upgrade Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted firmware image can cause the device to enter a recoverable fault state,...
ProtonVPN VPN client connect privilege escalation vulnerability
Summary An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. Tested Versions...
Moxa EDR-810 Cleartext Transmission of Password Vulnerability
Summary An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as...
Apple OS X Gen6Accelerator IOGen575Shared::new_texture Local Privilege Escalation Vulnerability
SUMMARY A vulnerability exists in the communication functionality of the Apple Intel HD 3000 Graphics kernel driver. A specially crafted message can cause a vulnerability resulting in local privilege escalation. TESTED VERSIONS Apple OSX Intel HD 3000 Graphics driver 10.0.0 -...
Swift Sensors Gateway device password generation authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...
Reolink RLC-410W cgiserver.cgi cgi_check_ability improper access control vulnerabilities
Summary Multiple incorrect default permissions vulnerabilities exist in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Teste...
CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability
Summary A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.8 and 5.9. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...
Moxa AWK-3131A Encrypted Diagnostic Script Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An...
Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key
Summary The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions Moxa AWK-3131A Firmware version 1.13 Product URLs...
LEADTOOLS JPEG2000 j2pc Parsing Remote Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this...
Google V8 Array.prototype Memory Corruption Vulnerability
Summary A specific JavaScript code can trigger a memory corruption in V8 7.3.492.17 which could potentially be abused for remote code execution. In order to trigger this vulnerability in the context of a browser, such as Google Chrome, the victim would need to visit a malicious web page. Tested...
Capsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability
Summary A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in ful...
Pixar Renderman IT Display Service 0x67 Command Denial of Service Vulnerability
Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer...
Tinysvcmdns Multi-label DNS mdns_parse_qn Denial Of Service Vulnerability
Summary An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to server crash and denial of service. An attacker needs to send a DNS query to trigger this...
Apple Image I/O EXR Compression Remote Code Execution Vulnerability
SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
Texas Instruments CC3200 SimpleLink Solution HTTP Server /ping.html information disclosure vulnerability
Summary An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability...
Genivia gSOAP WS-Addressing plugin denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product UR...
WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WAGO...
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Memory Corruption Vulnerabilities
Summary An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted xml cache file written to a specific location on the device can cause a stack buffer overflow, resulting in a denial of service an...
Accusoft ImageGear PCX uncompress_scan_line buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the uncompressscanline function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide ...
Accusoft ImageGear PCX uncompress_scan_line buffer copy operation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the uncompressscanline function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide ...
YouPHPTube /plugin/AD_Server/view/campaignsVideos.json.php id SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
GOG Galaxy Games directory insecure file permissions local privilege elevation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s “Games” directory. An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. Tested Versions Gog...
FocalScope XML External Entity Injection Vulnerability
Summary An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope’s server that could cause an XXE, and potentially result in data compromise. Tested Versions...
Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1650 Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability January 12, 2023 CVE Number CVE-2022-43591 SUMMARY A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript...
Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP format string injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1581 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35877,CVE-2022-35874,CVE-2022-35875,CVE-2022-35876 SUMMARY Four format string injection vulnerabilities exist in...
CODESYS Development System ComponentModel Profile.FromFile() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
Win-911 Enterprise Platform privilege escalation vulnerability
Summary Multiple exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when...