2224 matches found
AnyCubic Chitubox AnyCubic Plugin readDatHeadVec heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AnyCubi...
AT&T Labs Xmill multiple command line parsing vulnerabilities
Summary Multiple stack-based buffer overflow vulnerabilities exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. A specially crafted command-line argument can lead to code execution. An attacker can provide malicious input to trigger these vulnerabilities. Test...
Synology SRM lbd service Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...
Microsoft Azure Sphere mtd character device driver privilege escalation vulnerability
Summary An arbitrary flash write vulnerability exists in the mtd character device driver of Microsoft Azure Sphere 20.06. A specially crafted ioctl can bypass file permissions and allow writes to flash by unauthorized users. An attacker can issue a MEMWRITE ioctl to trigger this vulnerability...
Microsoft Azure Sphere asynchronous ioctl denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write a shellcode to trigger this vulnerability. Tested Versions Microsoft Azure...
Accusoft ImageGear PNG store_data_buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the storedatabuffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed...
Videolabs libmicrodns 0.1.0 mdns_recv return value denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdnsrecv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually...
Intel IGC64.DLL shader functionality DCL_INDEXABLE_TEMP denial-of-service vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, versions 26.20.100.6709 and 26.20.100.6861. A specially crafted pixel shader can cause an out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this...
KCodes NetUSB unauthenticated remote kernel arbitrary memory read vulnerability
Summary An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid...
McAfee GetSusp VersionInfo Parsing Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the file scanning functionality of McAfee GetSusp 3.0.0.461. A specially crafted executable can cause an infinite loop resulting in a Denial of Service. An attacker can scan this executable to trigger this vulnerability. Tested...
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition TOCTTOU that allows arbitrary execution o...
Sony IPELA E Series Camera measurementBitrateExec command injection vulnerability
Summary An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability
Summary A specific Javascript script embedded in a PDF file can cause the document ID field to be used in an unbounded copy operation leading to stack-based buffer overflow when opening a specially crafted PDF document in Adobe Acrobat Reader DC 2018.009.20044. This stack overflow can lead to...
Ledger CLI Tags Parsing Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause a integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. Tested...
National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled V...
Weston Embedded uC-HTTP HTTP Server Host header parsing memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1746 Weston Embedded uC-HTTP HTTP Server Host header parsing memory corruption vulnerability November 14, 2023 CVE Number CVE-2023-31247 SUMMARY A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded...
VMware vCenter DCERPC Improper calculation of authentication trailer pointer
Talos Vulnerability Report TALOS-2022-1658 VMware vCenter DCERPC Improper calculation of authentication trailer pointer July 13, 2023 CVE Number CVE-2023-20894 SUMMARY A memory corruption vulnerability exists in the DCERPC functionality of VMware vCenter Server 7.0.3.01000. A specially crafted...
Reolink RLC-410W cgiserver.cgi session creation denial of service vulnerability
Summary A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. Tested...
IOBit Advanced SystemCare Ultimate exposed IOCTL 0x9c406144 vulnerability
Summary A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions...
Komoot GmbH Komoot Friend finder information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1288 Komoot GmbH Komoot Friend finder information disclosure vulnerability June 9, 2021 CVE Number CVE-2021-21823 Summary An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A special...
NZXT CAM WinRing0x64 Driver Privileged I/O Write IRPs Privilege Escalation Vulnerability
Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions...
Pixar OpenUSD binary file format offset seek information leak vulnerability
Summary An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used...
Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1107 Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability September 23, 2020 CVE Number CVE-2020-13502 Summary An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data...
Videolabs libmicrodns 0.1.0 TXT record RDATA-parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send ...
WAGO e!Cockpit network communication cleartext transmission vulnerability
Summary A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
WAGO PFC200 iocheckd service "I/O-Check" ReadPSN remote code execution vulnerability
WAGO PFC200 iocheckd service “I/O-Check” ReadPSN remote code execution vulnerability Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially...
Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...
Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...
CPP-Ethereum JSON-RPC admin_addPeer Authorization Bypass Vulnerability
Summary An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
ansible-vault Yaml Load Code Execution Vulnerability
Summary An exploitable vulnerability exists in the yaml loading functionality of ansible-vault. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. Tested Versions ansible-vault...
Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. Tested...
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability
SUMMARY It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst...
Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities
Talos Vulnerability Report TALOS-2023-1704 Milesight MilesightVPN requestHandlers.js detaildevice cross-site scripting XSS vulnerabilities July 6, 2023 CVE Number CVE-2023-24497,CVE-2023-24496 SUMMARY Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice...
InHand Networks InRouter302 console infactory_net command injection vulnerability
Summary An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Teste...
Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability
Summary A memory corruption vulnerability exists in the WebRTC functionality of Google Chrome 92.0.4515.159 Stable and 95.0.4623.0 Canary. A specially-crafted web page can trigger this vulnerability, which can cause a heap buffer overflow and result in remote code execution. Victim would need to...
Microsoft Azure Sphere kernel message ring buffer Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the kernel message ring buffer functionality of Microsoft Azure Sphere 20.05. Unprivileged users can access the kernel message ring buffer, which can potentially leak sensitive information, such as kernel or userland memory addresses. An...
Intel Raid Web Console 3 add server denial-of-service vulnerability
Summary A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts...
LEADTOOLS BMP Parsing Remote Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerabilit...
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...
Microsoft Windows CDD Font Parsing Kernel Memory Corruption
Talos Vulnerability Report TALOS-2015-0007 Microsoft Windows CDD Font Parsing Kernel Memory Corruption September 15, 2015 CVE Number CVE-2015-2506 Description An exploitable kernel memory corruption vulnerability exists in Microsoft Windows. A specially crafted font file can cause the Microsoft...
Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debugdump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 web interface Radio Scheduling stack-based buffer overflow vulnerability April 9, 2024 CVE Number...
WPS Office ET Data use of uninitialized pointer vulnerability
Talos Vulnerability Report TALOS-2023-1748 WPS Office ET Data use of uninitialized pointer vulnerability November 27, 2023 CVE Number CVE-2023-31275 SUMMARY An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel fil...
Open Automation Software OAS Platform OAS Engine configuration file write vulnerability
Talos Vulnerability Report TALOS-2023-1771 Open Automation Software OAS Platform OAS Engine configuration file write vulnerability September 5, 2023 CVE Number CVE-2023-32615 SUMMARY A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS...
Robustel R1510 clish art2 command execution vulnerability
Summary A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R1510 3.3.0...
EIP Stack Group OpENer Ethernet/IP UDP handler information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. Tested Versions EIP Stack Group OpENer 2.3 EIP Stack Group OpENe...
NZXT CAM WinRing0x64 driver IRP 0x9c40a148 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
NZXT CAM WinRing0x64 driver privileged I/O read IRPs information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this...
Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1097 Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-6153 Summary An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA...