2224 matches found
Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender modifier_mdef_compact_influences Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the modifiermdefcompactinfluences functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context ...
Blender Object CustomData_external_read Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the CustomData Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under...
libxls xls_addCell Formula Code Execution Vulnerability
Summary An exploitable out-of-bounds vulnerability exists in the xlsaddCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested...
FreeRDP Rdp Client Read Server Proprietary Certificate Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the...
Invincea-X SboxDrv.sys Version Number Query Local Privilege Escalation Vulnerability
Summary An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a specia...
Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0151 Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4296 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office...
OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability
Talos Vulnerability Report TALOS-2016-0051 OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability July 21, 2016 CVE Number CVE-2016-1513 Description An exploitable out-of-bounds vulnerability exists in OpenOffice when handling MetaActions. A specially crafted Open Office Impress file c...
Oracle IOT IX SDK libvs_pdf XRef Index Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0086 Oracle IOT IX SDK libvspdf XRef Index Code Execution Vulnerability April 19, 2016 CVE Number CVE-2016-3455 DESCRIPTION A vulnerability in PDF parser of the IX SDK exists that allows an out of bounds heap memory overwrite potentially leading to remote cod...
Network Time Protocol Deja Vu: Broadcast Mode Replay Vulnerability
Summary Expected Behavior: RFC 5905 page 29 Section 8 states that the on-wire protocol resists replay of server response packet in broadcast mode. Also on page 55 section 15, the RFC claims security in authenticated mode against on-path attackers where an attacker can: a Intercept and archive...
MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-1953 MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities November 21, 2024 CVE Number CVE-2024-28027,CVE-2024-28025,CVE-2024-28026 SUMMARY Three OS command injection vulnerabilities exist in the web interface I/O...
Microsoft Word for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1977 Microsoft Word for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41165 SUMMARY A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word’s access privileges,...
LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability
Talos Vulnerability Report TALOS-2023-1873 LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability July 8, 2024 CVE Number CVE-2023-49593 SUMMARY Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network...
Realtek rtl819x Jungle SDK configuration file mib_init_value_array heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1911 Realtek rtl819x Jungle SDK configuration file mibinitvaluearray heap-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2024-21778 SUMMARY A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray...
Weston Embedded uC-HTTP HTTP Server heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1843 Weston Embedded uC-HTTP HTTP Server heap-based buffer overflow vulnerability February 20, 2024 CVE Number CVE-2023-45318 SUMMARY A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit...
ManageEngine OpManager uploadMib directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1851 ManageEngine OpManager uploadMib directory traversal vulnerability January 8, 2024 CVE Number CVE-2023-47211 SUMMARY A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP...
Weston Embedded uC-HTTP HTTP Server buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1726 Weston Embedded uC-HTTP HTTP Server buffer overflow vulnerability November 14, 2023 CVE Number CVE-2023-25181 SUMMARY A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially...
Yifan YF325 httpd debug credentials leftover debug code vulnerability
Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...
Yifan YF325 httpd manage_post stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1787 Yifan YF325 httpd managepost stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35965,CVE-2023-35966 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325...
peplink Surf SOHO HW1 upload_brand.cgi cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2023-1781 peplink Surf SOHO HW1 uploadbrand.cgi cross-site scripting XSS vulnerability October 11, 2023 CVE Number CVE-2023-34354 SUMMARY A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in...
Milesight UR32L urvpn_client cmd_name_action OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2023-1710 Milesight UR32L urvpnclient cmdnameaction OS command injection vulnerabilities July 6, 2023 CVE Number CVE-2023-24583,CVE-2023-24582 SUMMARY Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L...
FreshTomato httpd logs/view.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1641 FreshTomato httpd logs/view.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-42484 SUMMARY An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP...
Siretta QUARTZ-GOLD httpd txt/restore.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1612 Siretta QUARTZ-GOLD httpd txt/restore.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40220 SUMMARY An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD...
Robustel R1510 js_package install OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1577 Robustel R1510 jspackage install OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-33150 SUMMARY An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted netwo...
Robustel R1510 sysupgrade command injection OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1576 Robustel R1510 sysupgrade command injection OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-32765 SUMMARY An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and...
TCL LinkHub Mesh Wi-Fi confctl_set_wan_cfg denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1506 TCL LinkHub Mesh Wi-Fi confctlsetwancfg denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27178 SUMMARY A denial of service vulnerability exists in the confctlsetwancfg functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A...
Leadtools fltSaveCMP integer overflow vulnerability
Summary An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. Tested Versions...
Gerbv RS-274X aperture macro multiple outline primitives out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...
Moxa MXView Series Web Application authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Moxa MXView Series 3.2.4...
Sealevel Systems, Inc. SeaConnect 370W URL_decode out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the URLdecode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Tested...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1378 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETSERVERLISTREQUEST out-of-bounds write vulnerability November 29, 2021 CVE Number CVE-2021-21950,CVE-2021-21951 SUMMARY An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST...
Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1369 Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability October 11, 2021 CVE Number CVE-2021-21940 SUMMARY A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase ...
AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...
Apple macOS SMB server directory query arbitrary file access
Summary An arbitrary file access vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB request can leak metadata of arbitrary files. This vulnerability can be triggered by sending a malicious packet to the vulnerable server. Tested Versions Apple macOS 11.2 Product URLs...
Trend Micro Inc. Home Network Security SFTP log collection server hard-coded password vulnerability
Summary A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend Micro Inc.’s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerabilit...
Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Admesh stlfixnormaldirections functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV_SAT code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MOVSAT functionality of the NVIDIA D3D10 driver, version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...
3S-Smart Software Solutions CODESYS GatewayService memory corruption vulnerability
Summary An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send ...
Accusoft ImageGear PNG IHDR width code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
WAGO PFC200 iocheckd service "I/O-Check" cache DNS code execution vulnerability
Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send...
Signal Messenger Android self deleting messages Information Disclosure Vulnerability
Summary Signal Messenger for Android 4.24.8 may expose private information when using “disappearing messages.” If a user uses the photo feature available in the “attach file” menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system...
Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability
Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...
Antenna House Office Server Document Converter putShapeProperty Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger...
Hyland Perceptive Document Filters OpenDocument to JPEG conversion SkCanvas Code Execution vulnerability
Summary An exploitable double free exists in the OpenDocument to JPEG conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Tested Versions Perceptive...
Nvidia D3D10 Driver Pixel Shader Functionality Denial Of Service
Summary An exploitable denial-of-service vulnerability exists in the Nvidia D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause a stack overflow exception, resulting in at least denial of service. An attacker can provide a specially crafted shader file either in binary or text...
Leptonica gplotMakeOutput Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application...
Computerinsel Photoline PCX Parsing Code Execution Vulnerability
Summary An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. Tested...
Corel PHOTO-PAINT X8 TIFF Filter Code Execution Vulnerability
Summary A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this...
Tarantool Msgpuck mp_check Denial Of Service Vulnerability
Summary An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool’s Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of ...