2224 matches found
Open Babel GRO format res uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1668 Open Babel GRO format res uninitialized pointer dereference vulnerability July 21, 2023 CVE Number CVE-2022-42885 SUMMARY A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit...
Netgear Orbi Satellite RBS750 ubus backend communications command execution vulnerability
Talos Vulnerability Report TALOS-2022-1597 Netgear Orbi Satellite RBS750 ubus backend communications command execution vulnerability March 21, 2023 CVE Number CVE-2022-36429 SUMMARY A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite...
WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-28712 SUMMARY A cross-site scripting xss vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
Accusoft ImageGear JPEG-JFIF lossless Huffman parser heap-based buffer overflow vulnerabilities
Summary Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...
Hancom Office 2020 Hword HwordApp.dll SectorLoc heap-based buffer overflow
Summary A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this...
Sealevel Systems, Inc. SeaConnect 370W HandleSeaCloudMessage out-of-bounds write vulnerabilities
Summary Two out-of-bounds write vulnerabilities exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger these...
Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1380 Anker Eufy Homebase 2 homesecurity processmsg authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21953 SUMMARY An authentication bypass vulnerability exists in the processmsg function of the homesecurity binary of Anker Eufy Homeba...
Adobe Acrobat Reader DC JavaScript search query code execution vulnerability
Summary A use-after-free vulnerability exists in the way Adobe Acrobat Reader DC 2020.013.20074 executes search queries through JavaScript. A specially crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to...
MZ Automation GmbH lib60870.NET ASDU message processing denial of service vulnerability
Summary A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. Tested...
Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
Microsoft Azure Sphere Normal World application PACKET_MMAP unsigned code execution vulnerability
Talos Vulnerability Report TALOS-2020-1134 Microsoft Azure Sphere Normal World application PACKETMMAP unsigned code execution vulnerability September 23, 2020 CVE Number None SUMMARY A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure...
Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability
Summary A memory corruption vulnerability exists in the way Google Chrome 83.0.4103.61 executes JavaScript inside PDF documents. A specially crafted web page can cause out of bounds memory access. To trigger this vulnerability, the victim must visit a malicious webpage or open a malicious PDF...
SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1122 SoftPerfect RAM Disk spvve.sys 0x222024 information disclosure vulnerability August 4, 2020 CVE Number CVE-2020-13523 SUMMARY An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I...
Zoom client application chat Giphy arbitrary file write
Summary An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
CoTURN HTTP Server POST-parsing information leak vulnerability
Summary An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Teste...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Talos Vulnerability Report TALOS-2019-0977 Mini-SNMPD socket disconnect denial-of-service vulnerability February 3, 2020 CVE Number CVE-2020-6060 Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP...
Foxit PDF Reader JavaScript field action OnBlur remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
EmbedThis GoAhead web server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated i...
xcftools flattenIncrementally tiles walk code execution vulnerability
Summary An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In orde...
Adobe Acrobat Reader DC text field value remote code execution vulnerability redux
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.012.20035. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...
Schneider Electric Modicon M580 TFTP server information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the TFTP server functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted TFTP get request can cause a file download, resulting in disclosure of sensitive information. An...
Sierra Wireless AirLink ES450 ACEManager Cross-Site Request Forgery Vulnerability
Summary An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests bein...
Moxa EDR-810 Web Server ping Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...
Foscam IP Video Camera WebService CGI Parameter Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simp...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0017 Apple Quicktime mdat Corruption Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3792 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability
Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...
AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2024-1938 AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities May 28, 2024 CVE Number CVE-2024-24956,CVE-2024-24957,CVE-2024-24959,CVE-2024-24958,CVE-2024-24955,CVE-2024-24954 SUMMARY Several out-of-bounds...
Peplink Smart Reader /bin/login privilege escalation vulnerability
Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...
Robustel R1510 sysupgrade firmware update vulnerability
Talos Vulnerability Report TALOS-2022-1580 Robustel R1510 sysupgrade firmware update vulnerability October 14, 2022 CVE Number CVE-2022-34845 SUMMARY A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can...
TCL LinkHub Mesh Wifi confsrv ucloud_add_node OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1458 TCL LinkHub Mesh Wifi confsrv ucloudaddnode OS command injection vulnerability August 1, 2022 CVE Number CVE-2022-22140 SUMMARY An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.001...
Accusoft ImageGear IGXMPXMLParser::parseDelimiter stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information...
Accusoft ImageGear TIFF parser heap-based buffer overflow vulnerabilities
Summary Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Tested Versions Accusoft ImageGear 19....
Foxit Reader deletePages use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
AT&T Labs Xmill XML decompression PlainTextUncompressor::UncompressItem heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability
Summary A remote code execution vulnerability exists in the SMB Server Apple macOS 10.15.7. A specially crafted SMB packet can trigger a stack-based buffer overflow, which can lead to arbitrary code execution and denial of service. This vulnerability can be triggered by sending a malicious packet...
Nitro Pro Indexed ColorSpace Rendering Code Execution Vulnerability
Summary An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its...
Microsoft Azure Sphere Normal World application READ_IMPLIES_EXEC personality unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.06. A specially crafted shellcode can cause a process’ heap to become executable. An attacker can execute a shellcode that sets the READIMPLIESEXEC personality to...
W1.fi hostapd deauthentication denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in ...
Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to tric...
Circle with Disney Restore API Command Injection Vulnerability
Summary An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disn...
EZB Systems UltraISO ISO Parsing Code Execution Vulnerability
Summary An buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. Tested...
Ichitaro Office JTD Figure handling Code Execution Vulnerability
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro’s proprietary file format is a Compound Document similar to .doc for Microsoft Word called .jtd. Wh...
Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2023-1899 Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities July 8, 2024 CVE Number CVE-2023-50381,CVE-2023-50383,CVE-2023-50382 SUMMARY Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x...
Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability
Talos Vulnerability Report TALOS-2023-1693 Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability May 4, 2023 CVE Number CVE-2023-0698 SUMMARY An out-of-bounds memory access vulnerability exists in stats reporting functionality of the WebRTC implementation in Google Chro...
FreshTomato httpd update.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1642 FreshTomato httpd update.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38451 SUMMARY A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can...
OpenImageIO PSD thumbnail resource code execution vulnerability
Talos Vulnerability Report TALOS-2022-1626 OpenImageIO PSD thumbnail resource code execution vulnerability December 22, 2022 CVE Number CVE-2022-41794 SUMMARY A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted...
Robustel R1510 web_server /action/import_authorized_keys/ OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1578 Robustel R1510 webserver /action/importauthorizedkeys/ OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-34850 SUMMARY An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of...
Accusoft ImageGear parse_raster_data out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the parserasterdata functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...