2224 matches found
Network Time Protocol Private Mode 'reslist' Stack Memory Exhaustion Vulnerability
CERT VU357792 Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by exhausting the call stack. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must be in the restrict lists to...
NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1956 NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability July 23, 2024 CVE Number CVE-2024-0107 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA GPU Compiler Driver 551.61,...
Realtek rtl819x Jungle SDK configuration file mib_init_value_array heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1911 Realtek rtl819x Jungle SDK configuration file mibinitvaluearray heap-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2024-21778 SUMMARY A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray...
Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress...
The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1922 The Biosig Project libbiosig sopenFAMOSread integer underflow to out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-23313 SUMMARY An integer underflow vulnerability exists in the sopenFAMOSread functionality of The Biosig Project...
WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability
Talos Vulnerability Report TALOS-2023-1896 WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability January 10, 2024 CVE Number CVE-2023-49589 SUMMARY An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of...
GTKWave decompression OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2023-1786 GTKWave decompression OS command injection vulnerabilities January 8, 2024 CVE Number CVE-2023-35963,CVE-2023-35960,CVE-2023-35964,CVE-2023-35959,CVE-2023-35961,CVE-2023-35962 SUMMARY Multiple OS command injection vulnerabilities exist in the decompressi...
Foxit Reader field value property type confusion vulnerability
Talos Vulnerability Report TALOS-2023-1838 Foxit Reader field value property type confusion vulnerability November 27, 2023 CVE Number CVE-2023-41257 SUMMARY A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript...
Accusoft ImageGear CreateDIBfromPict out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1729 Accusoft ImageGear CreateDIBfromPict out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-23567 SUMMARY A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially...
Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1715 Milesight UR32L libzebra.so securitydecryptpassword buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24018 SUMMARY A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesigh...
Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1609 Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38088 SUMMARY A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability
Talos Vulnerability Report TALOS-2022-1532 Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability December 1, 2022 CVE Number CVE-2022-28703 SUMMARY A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages...
TCL LinkHub Mesh Wifi confctl_set_guest_wlan denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1502 TCL LinkHub Mesh Wifi confctlsetguestwlan denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27660 SUMMARY A denial of service vulnerability exists in the confctlsetguestwlan functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A...
Robustel R1510 web_server /action/remove/ API data removal vulnerability
Summary A data removal vulnerability exists in the webserver /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R151...
Blynk Blynk-Library BlynkConsole.h runCommand stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. Tested Versions Blynk -Libra...
Open Automation Software Platform Engine SecureTransferFiles information disclosure vulnerability
Summary An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger...
Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1480 Anker Eufy Homebase 2 libxmav.so DemuxCmdInBuffer buffer overflow vulnerability May 5, 2022 CVE Number CVE-2022-26073 SUMMARY A denial of service vulnerability exists in the libxmav.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A...
Anker Eufy Homebase 2 libxm_av.so getpeermac() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1479 Anker Eufy Homebase 2 libxmav.so getpeermac authentication bypass vulnerability May 5, 2022 CVE Number CVE-2022-25989 SUMMARY An authentication bypass vulnerability exists in the libxmav.so getpeermac functionality of Anker Eufy Homebase 2 2.1.8.5h. A...
Leadtools fltSaveCMP integer overflow vulnerability
Summary An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. Tested Versions...
Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger...
Google Chrome MediaStreamTrackGenerator use after free vulnerability
Summary A potential code execution vulnerability exists in the MediaStreamTrackGenerator functionality of Google Chrome 94.0.4606.81 Stable and 97.0.4674.1 Canary. A specially-crafted web page can lead to use-after-free. An attacker can provide a malicious web site to trigger this vulnerability...
ZTE MF971R xmlclient cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting XSS vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker...
Accusoft ImageGear JPG sof_nb_comp header processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the JPG sofnbcomp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Accusoft ImageGear PNG png_palette_process memory corruption vulnerability
Summary A memory corruption vulnerability exists in the PNG pngpaletteprocess functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. Tested Versions Accusoft ImageGear...
Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability
Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
SoftPerfect RAM Disk spvve.sys 0x222004 arbitrary file deletion vulnerability
Talos Vulnerability Report TALOS-2020-1121 SoftPerfect RAM Disk spvve.sys 0x222004 arbitrary file deletion vulnerability August 4, 2020 CVE Number CVE-2020-13522 SUMMARY An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O...
Microsoft Office Excel s_Schema Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1015 Microsoft Office Excel sSchema Code Execution Vulnerability May 12, 2020 CVE Number CVE-2020-0901 Summary An exploitable code execution vulnerability exists in the Excel sSchema functionality of Microsoft Corporation Microsoft Office 2001 build 12430.202...
LEADTOOLS DICOM UI Parsing Code Execution Vulnerability
Summary An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An...
Schneider Electric Modicon M580 malformed firmware image FTP upgrade denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially crafted firmware image can cause the device to enter a recoverable fault state, resulti...
Nest Labs Nest Cam IQ Indoor Weave KeyError denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a...
Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability
Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the devi...
Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
ACD Systems Canvas Draw 4 PlanarConfiguration Heap Overflow Code Execution Vulnerability
Summary An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerabili...
Antenna House Office Server Document Converter putlsttbl code execution vulnerability
Summary An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to a stack-based buffer overflow,...
Moxa EDR-810 Server Agent Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Tested Versions Moxa...
Moxa EDR-810 Plaintext Password Storage Vulnerability
Summary An password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. Tested Versions Moxa EDR-810 V4.1 build 17030317 Product URLs...
Blender BKE_curve_bevelList_make Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
delayed_job_web rails gem XSS vulnerability
Summary An exploitable XSS vulnerability exists in the filter functionality of the delayedjobweb rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an authenticated...
Foscam IP Video Camera devMng Multi-Camera Port 10000 Command 0x0002 Password Field Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. Tested Versions...
Circle with Disney Firmware Update Command Injection Vulnerability
Summary An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. Tested...
Apache OpenOffice PPT PPTStyleSheet nLevel Code Execution Vulnerability
Summary An exploitable out of bound write vulnerability exists in the PPTStyleSheet::PPTStyleSheet functionality of Apache OpenOffice. A specially crafted PPT file can cause an out of bound write resulting in arbitrary code execution. An attacker can send/provide a malicious PPT file to trigger...
Computerinsel Photoline SVG Parsing Code Execution Vulnerability
Summary An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SV...
Gdk-Pixbuf TIFF tiff_image_parse Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this...
InsideSecure MatrixSSL x509 certificate IssuerDomainPolicy Remote Code Execution Vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tes...
Moxa AWK-3131A Web Application systemlog.log Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versions Moxa AWK-3131...
Aerospike Database Server Set Name Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchlistbysetbinid resulting in remote code execution. An...
Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities
Talos Vulnerability Report TALOS-2016-0029 Ruby WIN32OLE oleinvoke and olequeryinterface Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2336 DESCRIPTION Type Confusion exists in two methods of Ruby’s WIN32OLE class, oleinvoke and olequeryinterface. Attacker passing different typ...
Microsoft Excel for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1976 Microsoft Excel for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-43106 SUMMARY A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel’s access privileges,...