2224 matches found
Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability
Talos Vulnerability Report VRT-2014-0205 Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability November 6, 2014 CVE Number CVE-2014-3697 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...
Microsoft Windows CLIPSP.SYS License Update Field Type 0xCC out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1971 Microsoft Windows CLIPSP.SYS License Update Field Type 0xCC out-of-bounds read vulnerability August 13, 2024 CVE Number None SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xCC functionality of Microsoft Windows...
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1845 Buildroot BRNOCHECKHASHFOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...
IBM Corporation AIX errlog() Log Injection Vulnerability
Talos Vulnerability Report TALOS-2023-1690 IBM Corporation AIX errlog Log Injection Vulnerability April 24, 2023 CVE Number None,CVE-2023-26286 SUMMARY An OS command injection vulnerability exists in the errlog syscall functionality of IBM Corporation AIX 7.2. A specially crafted syscall can lead...
WellinTech KingHistorian SORBAx64.dll RecvPacket integer conversion vulnerability
Talos Vulnerability Report TALOS-2022-1674 WellinTech KingHistorian SORBAx64.dll RecvPacket integer conversion vulnerability March 20, 2023 CVE Number CVE-2022-43663 SUMMARY An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian...
Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability
Summary An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this...
Lansweeper lansweeper AssetActions.aspx SQL injection vulnerability
Summary An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper lansweeper...
Reolink RLC-410W cgiserver.cgi command parser denial of service vulnerability
Summary A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...
ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow and leads to remote code execution. An attacker needs to provide a URL to the...
Genivia gSOAP WS-Addressing plugin code execution vulnerability redux
Talos Vulnerability Report TALOS-2021-1245 Genivia gSOAP WS-Addressing plugin code execution vulnerability redux March 24, 2021 CVE Number CVE-2021-21783 Summary A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP...
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
Moxa MXView series installation privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability November 3, 2020 CVE Number CVE-2020-13537,CVE-2020-13536 SUMMARY Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Moxa MXView series...
Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1131 Microsoft Azure Sphere ASXipFS inode type privilege escalation vulnerability July 31, 2020 CVE Number None SUMMARY A privilege escalation vulnerability exists in the ASXipFS inode type functionality of Microsoft Azure Sphere 20.06. A specially crafted...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality RESOURCE Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be...
Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability
Summary An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
Summary An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially...
OpenCV JSON persistence parser buffer overflow vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...
LEADTOOLS libltdic.so DICOM LDicomNet::SendData Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this...
Foxit PDF Reader XFA xdpContent information leak vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitati...
VMware VNC Lock Count Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the remote management functionality of VMware . A large amount of VNC connections can cause an exception in the server to trigger, resulting in a shutdown of the virtual machine. An attacker can initiate VNC sessions to trigger this...
CPP-Ethereum libevm create2 Information Leak Vulnerability
Summary An exploitable information leak / denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker ca...
Circle with Disney libbluecoat.so SSL TLD MITM Vulnerability
Summary An exploitable vulnerability exists in filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
Circle with Disney Firmware Update Signature Check Bypass Vulnerability
Summary An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...
FreeXL read_biff_next_record Code Execution Vulnerability
Summary An exploitable heap based buffer overflow vulnerability exists in the readbiffnextrecord function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested...
AntennaHouse DMC HTMLFilter PPT DHFSummary Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...
Oracle Outside In Technology PDF parser confusion Code Execution Vulnerability
Summary An exploitable arbitrary write vulnerability exists in the PDF parser functionality of Oracle Outside In Technology SDK. A specially crafted PDF document can cause a parser confusion resulting in an arbitrary write vulnerability ultimately leading to code execution. Tested Versions Oracle...
FreeImage Library XMP Image Handling Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...
OpenJPEG JPEG2000 mcc record Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful...
Network Time Protocol Reference Clock Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0064 Network Time Protocol Reference Clock Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7853 Description A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock...
Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability
Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...
Open Babel translationVectors parsing out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2022-1666 Open Babel translationVectors parsing out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46292,CVE-2022-46295,CVE-2022-46294,CVE-2022-46293,CVE-2022-46291 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the...
Robustel R1510 web_server /ajax/remove/ directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1579 Robustel R1510 webserver /ajax/remove/ directory traversal vulnerability October 14, 2022 CVE Number CVE-2022-33897 SUMMARY A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A...
WWBN AVideo cookie information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1542 WWBN AVideo cookie information disclosure vulnerability August 16, 2022 CVE Number CVE-2022-32777,CVE-2022-32778 SUMMARY An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...
Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1127 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability October 20, 2020 CVE Number CVE-2020-6542 SUMMARY A code execution vulnerability exists in the WebGL functionality of Google Chrome 84.0.4147.89 and 85.0.4169.0 Developer Build...
Microsoft Azure Sphere AF_AZSPIO socket memory corruption vulnerability
Summary A memory corruption vulnerability exists in the AFAZSPIO socket functionality of Microsoft Azure Sphere 20.05. A sequence of socket operations can cause a double-free and out-of-bounds read in the kernel. An attacker can write a shellcode to trigger this vulnerability. Tested Versions...
Accusoft ImageGear ICO ico_read buffer size computation code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the icoread function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to...
Microsoft Media Foundation CQTMetadataKeysAtom GetKeyForIndex Information Disclosure Vulnerability
Summary An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476. A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Talos Vulnerability Report TALOS-2019-0977 Mini-SNMPD socket disconnect denial-of-service vulnerability February 3, 2020 CVE Number CVE-2020-6060 Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP...
Foxit PDF Reader JavaScript field keystroke action remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user t...
OpenCV XML Persistence Parser Buffer Overflow Vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially...
Schneider Electric Modicon M580 TFTP server information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the TFTP server functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted TFTP get request can cause a file download, resulting in disclosure of sensitive information. An...
ACD Systems Canvas Draw 4 Huff Table Out-of-bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability
Summary An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of...
Blender customData_add_layer__internal Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute tface of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context o...
Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the WW8RStyle::ImportOldFormatStyles functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause a out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide malicious doc file to...
FreeXL BIFF Dimension Marker Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the readlegacybiff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested...