2224 matches found
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Password Parameter Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...
Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the broadcast mode replay prevention functionality of ntpd. To prevent replay of broadcast mode packets, ntpd rejects broadcast mode packets with non-monotonically increasing transmit timestamps. Remote unauthenticated attackers can...
IBM Domino KeyView PDF Filter Encrypted Stream Code Execution Vulnerability
Summary A stack overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While...
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the Channel Splitting functionality of MediaInfoLib versions: 26.01. A specially crafted .riff file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Confirmed Vulnerable...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...
Weston Embedded uC-HTTP HTTP Server memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1732 Weston Embedded uC-HTTP HTTP Server memory corruption vulnerability November 14, 2023 CVE Number CVE-2023-28391 SUMMARY A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Speciall...
OpenImageIO TIFF file string field information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1627 OpenImageIO TIFF file string field information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41977 SUMMARY An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A...
Ghost user enumeration vulnerablity
Talos Vulnerability Report TALOS-2022-1625 Ghost user enumeration vulnerablity December 21, 2022 CVE Number CVE-2022-41697 SUMMARY A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of...
InHand Networks InRouter302 console verify leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1520 InHand Networks InRouter302 console verify leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-26023 SUMMARY A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A...
InHand Networks InRouter302 console infct leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1519 InHand Networks InRouter302 console infct leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-30543 SUMMARY A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1568 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities October 20, 2022 CVE Number CVE-2022-33205,CVE-2022-33204,CVE-2022-33206,CVE-2022-33207 SUMMARY Four OS command injection...
Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1559 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP OS command injection vulnerabilities October 20, 2022 CVE Number CVE-2022-33194,CVE-2022-33195,CVE-2022-33193,CVE-2022-33192 SUMMARY Four OS command injection vulnerabilities exist in the...
WWBN AVideo aVideoEncoder wget OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1548 WWBN AVideo aVideoEncoder wget OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-32572 SUMMARY An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
ESTsoft Alyac OLE header Mini FAT sectors integer overflow
Talos Vulnerability Report TALOS-2022-1533 ESTsoft Alyac OLE header Mini FAT sectors integer overflow August 3, 2022 CVE Number CVE-2022-29886 SUMMARY An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buff...
TCL LinkHub Mesh Wifi ucloud_del_node denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1507 TCL LinkHub Mesh Wifi uclouddelnode denial of service vulnerability August 1, 2022 CVE Number CVE-2022-26346 SUMMARY A denial of service vulnerability exists in the uclouddelnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted...
Sealevel Systems, Inc. SeaConnect 370W OTA update task out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Tested...
Sealevel Systems, Inc. SeaConnect 370W OTA update task file overwrite vulnerability
Summary A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Tested Version...
Advantech R-SeeNet installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
Systemd DHCP client denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the...
Pixar OpenUSD binary file format specs memory corruption
Summary An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, t...
Foxit PDF Reader Javascript Field Action Validate Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
NASA CFITSIO `ffghbn` and `ffghtb` Stack Overflow Code Execution Vulnerabilities
Summary Exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...
Computerinsel Photoline PCX Run Length Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Natus Xltek EEG NeuroWorks RequestForPatientInfoEEGfile Code Execution Vulnerability
Summary An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigg...
Blender multires_load_old_dm base vertex map Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the multiresloadolddm functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
libxls xls_mergedCells Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the xlsmergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Tested Versions libxl...
FreeRDP Rdp Client GCC Read Server Security Data Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in...
Corel CorelDRAW X8 EMF Parser Code Execution Vulnerability
Summary An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 CdrGfx - Corel Graphics Engine 64-Bit - 18.1.0.661. A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file...
Pharos PopUp Printer Client memcpy Code Execution Vulnerability
Summary A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim’s computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening...
Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0144 Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4298 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Network Time Protocol libntp Message Digest Disclosure Vulnerability
SUMMARY An exploitable vulnerability exists in the message authentication functionality of Network Time Protocol libntp. An attacker can send a series of crafted messages to attempt to recover the message digest key. TESTED VERSIONS ntp 4.2.8p4 NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92...
Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0012 Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3788 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the size of a “url” atom in a...
NVIDIA D3D10 Driver Shader Functionality dcl_resource_structured index memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1721 NVIDIA D3D10 Driver Shader Functionality dclresourcestructured index memory corruption vulnerability August 10, 2023 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality of NVIDIA D3D10 Driver NVIDIA D3D1...
Microsoft Office Excel WebCharts out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1734 Microsoft Office Excel WebCharts out-of-bounds write vulnerability June 13, 2023 CVE Number CVE-2023-33133 SUMMARY An access violation vulnerability exists in the WebCharts functionality of Microsoft Office Excel 2019 Plus version 2302 build 16130.20332....
Accusoft ImageGear Palette box parser heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...
Google Chrome WebRTC addIceCandidate use after free vulnerability
Summary A use after free vulnerability exists in the WebRTC functionality of Google Chrome 91.0.4472.114 Stable and 93.0.4575.0 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to visit a malicious...
Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4. Specially-crafted HTTP requests can lead to arbitrary command execution. An attacker can make authenticated HTTP requests to trigger these vulnerabilities...
Trend Micro, Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the tdts.ko chrdevioctlhandle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend...
Accusoft ImageGear TIFF Header count processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Microsoft Azure Sphere Capability access control privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1133 Microsoft Azure Sphere Capability access control privilege escalation vulnerability August 24, 2020 CVE Number None SUMMARY A privilege escalation vulnerability exists in the Capability access control functionality of Microsoft Azure Sphere 20.06. A set ...
AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
Foxit PDF Reader Javascript createTemplate Invalid Page Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Schneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the UMAS function code 0x29 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault stat...
Sony IPELA E Series Camera 802dot1xclientcert remote code execution vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to...
Insteon Hub PubNub Firmware Downgrade Vulnerability
Summary An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the firmware version that is going to be...
Foxit PDF Reader AssociatedFile Annotation Type Confusion
Summary An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory...
Computerinsel Photoline PCX Color Map Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender modifier_mdef_compact_influences Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the modifiermdefcompactinfluences functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context ...