2224 matches found
Sealevel Systems, Inc. SeaConnect 370W Modbus/SeaMAX Remote Configuration denial of service vulnerabilities
Summary Two denial of service vulnerabilities exist in the Modbus/SeaMAX Remote Configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger these vulnerabilities...
Nitro Pro PDF JavaScript document.flattenPages JSStackFrame stack-based use-after-free vulnerability
Summary An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution...
FreyrSCADA IEC-60879-5-104 server simulator traffic logging denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions FreyrSCA...
Lantronix XPort EDGE Web Manager CSRF vulnerability
Summary An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Test...
Foxit Reader Javascript Field fileSelect Use After Free Vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Internet Systems Consortium's BIND TCP Receive Buffer Length Assertion Check Denial of Service Vulnerability
Summary An assertion failure exists within the Internet Systems Consortium’s BIND server versions 9.16.1 through 9.17.1 when processing TCP traffic via the libuv library. Due to a length specified within a callback for the library, flooding the server’s TCP port used for larger DNS requests AXFR...
Microsoft Office Excel HTML and XML Table Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the HTML and XML Table functionality of Excel in Microsoft Office 2016 Professional Plus, version 2002, build 12527.20242 x86 and Microsoft Office 365 Pro Plus x86, version 1908, build 11929.20606. A specially crafted malformed file ca...
Epee Levin Packet Deserialization Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Levin deserialization functionality of the epee library. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Monero...
ACD Systems Canvas Draw 4 Resolution_Set Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Antenna House Office Server Document Converter OLEread Code Execuction Vulnerability
Summary An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted PowerPoint PPT document can lead to heap corruption, resulting in remote code execution...
VMware Workstation 14 Shader Functionality Denial Of Service
Summary An exploitable denial-of-service vulnerability exists in the VMware Workstation 14. A specially crafted pixel shader can cause a read access violation resulting in, at least, denial of service. An attacker can provide a specially crafted shader file either in binary or text form to trigge...
Insteon Hub HTTPExecuteGet Firmware Update Information Leak Vulnerability
Summary An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can sen...
Hyland Perceptive Document Filters DOCX to HTML Code Execution Vulnerability
Summary An exploitable use after free exists in the DOCX to HTML conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted DOCX document can lead to a use-after-free resulting in direct code execution. Tested Versions Perceptive Document Filters 11.4.0.264...
IBM DB2 Shared Memory Insecure Permissions Vulnerability
Summary An exploitable shared memory permissions vulnerability exists in the functionality of IBM DB2 10.5.0.7. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Tested Versions IBM DB2 10.5.0.7 Product URLs...
Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
Summary An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to...
Blender Sequencer imb_loadtiff Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .tif file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Microsoft Edge Content Security Bypass Vulnerability
Summary An exploitable information leak vulnerability exists in the Content Security Policy enforcement functionality of Microsoft Edge 40.15063.0.0. A specially crafted web page can cause a content security policy bypass resulting in an information leak. An attacker can create a malicious webpag...
Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0016 Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability July 20, 2015 CVE Number CVE-2015-5786 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the values in the matrix...
WWBN AVideo aVideoEncoderReceiveImage.json.php image upload information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1880 WWBN AVideo aVideoEncoderReceiveImage.json.php image upload information disclosure vulnerability January 10, 2024 CVE Number CVE-2023-49864,CVE-2023-49863,CVE-2023-49862 SUMMARY An information disclosure vulnerability exists in the...
Asus RT-AX82U cfg_server cm_processREQ_NC information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1590 Asus RT-AX82U cfgserver cmprocessREQNC information disclosure vulnerability January 10, 2023 CVE Number CVE-2022-38105 SUMMARY An information disclosure vulnerability exists in the cmprocessREQNC opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router’s...
Lansweeper lansweeper SanitizeHtml cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1541 Lansweeper lansweeper SanitizeHtml cross-site scripting XSS vulnerability December 1, 2022 CVE Number CVE-2022-32763 SUMMARY A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper...
Accusoft ImageGear DecoderStream::Append heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...
Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability
Talos Vulnerability Report TALOS-2021-1240 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31518 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing function of Trend Micro Inc.’s Home...
Nitro Pro PDF JPEG2000 Stripe Sub-sample Decoding Out-of-bounds Write Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile...
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment Vulnerability
Summary An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An...
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change Vulnerability
Summary An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password ...
Computerinsel Photoline ANI Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...
coTURN TURN server unsafe loopback forwarding default configuration vulnerability
Summary An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running o...
CPP-Ethereum JSON-RPC miner_start improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...
libxls xls_getfcell Code Execution Vulnerability
Summary An exploitable stack based buffer overflow vulnerability exists in the xlsgetfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Version...
Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited...
National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...
Network Time Protocol Trap Crash Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the trap functionality of ntpd. If an ntpd instance is configured to send traps, a specially crafted network packet can be used to cause a null pointer dereference resulting in a denial of service. This vulnerability can be triggere...
LibTIFF Tag Extension Remote Code Execution Vulnerability
Report ID page.status Summary An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered t...
Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service
Summary A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user mo...
Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0013 Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3789 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the number of...
Moxa SDS-3008 Series Industrial Ethernet Switch web application stored cross-site scripting vulnerability
Talos Vulnerability Report TALOS-2022-1619 Moxa SDS-3008 Series Industrial Ethernet Switch web application stored cross-site scripting vulnerability February 2, 2023 CVE Number CVE-2022-41313,CVE-2022-41311,CVE-2022-41312 SUMMARY A stored cross-site scripting vulnerability exists in the web...
Siretta QUARTZ-GOLD m2m m2m_parse_router_config cmd OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1640 Siretta QUARTZ-GOLD m2m m2mparserouterconfig cmd OS command injection vulnerabilities January 26, 2023 CVE Number CVE-2022-42492,CVE-2022-42491,CVE-2022-42493,CVE-2022-42490 SUMMARY Several OS command injection vulnerabilities exist in the m2m binary of...
Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability
Talos Vulnerability Report TALOS-2022-1611 Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability January 26, 2023 CVE Number CVE-2022-39045 SUMMARY A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HT...
WWBN AVideo objects id handling authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1536 WWBN AVideo objects id handling authentication bypass vulnerability August 16, 2022 CVE Number CVE-2022-32768,CVE-2022-32769 SUMMARY Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev...
TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1503 TCL LinkHub Mesh Wifi confctlgetguestwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27633 SUMMARY An information disclosure vulnerability exists in the confctlgetguestwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...
Sealevel Systems, Inc. SeaConnect 370W OTA Update "u-download" heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to...
Reolink RLC-410W "factory" binary firmware update vulnerability
Summary A firmware update vulnerability exists in the "factory" binary of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...
Nitro Pro PDF JavaScript TimeOutObject double free vulnerability
Summary An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This...
Trend Micro Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the tdts.ko chrdevioctlhandle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend Micro,...
Advantech WebAccess/SCADA installation local file inclusion
Summary A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. Tested Versions Advantech...
OpenEMR GACL cross-site request forgery vulnerability
Summary A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An...
freeDiameter freeDiameterd Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2020-1030 freeDiameter freeDiameterd Denial of Service Vulnerability July 28, 2020 CVE Number CVE-2020-6098 SUMMARY An exploitable denial of service vulnerability exists in the freeDiameterd functionality of freeDiameter 1.3.2. A specially crafted Diameter request...
Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. A...
Microsoft Remote Desktop Services (RDP7) Windows XP Multiple Information Leak Vulnerabilities
Summary Exploitable information leak vulnerabilities exists in the RDP7 implementation of Microsoft’s Remote Desktop Services on Windows XP. Various aspects of the T.128 protocol, such as capability negotiation, can cause an information leak, which can provide an attacker information about the...