2224 matches found
ArduPilot APWeb cgi.c unescape memory corruption vulnerability
Summary A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested...
Leadtools fltSaveCMP integer overflow vulnerability
Summary An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. Tested Versions...
Accusoft ImageGear JPEG-JFIF Scan header parser out-of-bounds write vulnerability
Summary An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this...
Google Chrome MediaStreamTrackGenerator use after free vulnerability
Summary A potential code execution vulnerability exists in the MediaStreamTrackGenerator functionality of Google Chrome 94.0.4606.81 Stable and 97.0.4674.1 Canary. A specially-crafted web page can lead to use-after-free. An attacker can provide a malicious web site to trigger this vulnerability...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability
Summary When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an...
ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...
AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...
Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability
Summary An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...
Microsoft Azure Sphere Normal World application /proc/self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability
Summary An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...
Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability
Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the devi...
CleanMyMac X incomplete update patch privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access c...
ACD Systems Canvas Draw 4 setRasterData Heap Overflow Code Execution Vulnerability
Summary An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerabili...
Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Antenna House Office Server Document Converter vbgetfp code execution vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary...
CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...
CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...
libxls read_MSAT Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the readMSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
Circle with Disney check_torlist.sh Update Code Execution Vulnerability
Summary An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this...
Foscam IP Video Camera CGIProxy.fcgi Account Creation Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting...
Zabbix Proxy Server SQL Database Write Vulnerability
Summary An exploitable database write vulnerability exists in the trapper functionality of Zabbix Server 2.4.X . Specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker set up a Man-in-the-Middle server to alter trapper requests made between ...
Pharos PopUp Printer Client DecodeString Code Execution Vulnerability
Summary A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim’s computer and can lead to an out of bounds read causing a crash and a denial of service. Tested Versions Pharos PopUp...
Ichitaro Office Excel File Code Execution Vulnerability
Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel’s .xls file format. When processing a record type of 0x3c from a Workbook...
Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0150 Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4295 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...
Oracle OIT IX SDK TIFF file parsing heap buffer overflow
Talos Vulnerability Report TALOS-2016-0104 Oracle OIT IX SDK TIFF file parsing heap buffer overflow July 19, 2016 CVE Number CVE-2016-3582 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory overwrite and...
Oracle OIT IX SDK libvs_pdf arbitrary pointer access
Talos Vulnerability Report TALOS-2016-0101 Oracle OIT IX SDK libvspdf arbitrary pointer access July 19, 2016 CVE Number CVE-2016-3579 Description When parsing a specially crafted PDF document, a value derived from a file is used as a memory pointer leading to a process crash. Tested Versions...
Libarchive mtree parse_device Code Execution Vulnerability
SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parsedevice functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...
Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0014 Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3790 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an mvhd atom can cause an...
Adobe Acrobat Reader Thermometer use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1794 Adobe Acrobat Reader Thermometer use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-44336 SUMMARY A use-after-free vulnerability exists in the Thermometer Javascript object in Adobe Acrobat Reader 2023.001.20174. Specially crafted...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1603 NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality MOV instruction index functionality of NVIDIA...
Abode Systems, Inc. iota All-In-One Security Kit console_main_loop :sys OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1561 Abode Systems, Inc. iota All-In-One Security Kit consolemainloop :sys OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29520 SUMMARY An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode...
ESTsoft Alyac OLE header parsing integer overflow
Talos Vulnerability Report TALOS-2022-1527 ESTsoft Alyac OLE header parsing integer overflow August 3, 2022 CVE Number CVE-2022-32543 SUMMARY An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overfl...
InHand Networks InRouter302 console factory OS command injection vulnerability
Summary An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand...
Apple macOS SMB server directory query request integer overflow vulnerability
Summary A memory corruption vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an integer overflow when handling directory query requests which can result in memory corruption, potentially leading to remote code execution and denial of service...
Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability
Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...
Accusoft ImageGear SGI format buffer size processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Google Chrome WebGL code execution vulnerability
Summary A use-after-free read vulnerability exists in Google Chrome 81.0.4044.138 Stable, 84.0.4136.5 Dev and 84.0.4143.7 Canary, when a WebGL component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality MOV REG Code Execution Vulnerability
Summary An exploitable memory corruption vulnerability exists in AMD atidxx64.dll graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially coul...
Accusoft ImageGear TIFF TIF_decode_thunderscan code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed...
Adobe Acrobat Reader DC text field "comb" property remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities
Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...
ACD Systems Canvas Draw 4 IO Metadata Out-of-Bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...
Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability
Summary An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Tested Versions Mo...
Computerinsel Photoline TIFF Bits Per Pixel Parsing Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
rails_admin rails gem XSS vulnerability
Summary An exploitable XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an...
VMware VNC Pointer Decode Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the remote management functionality of VMware . A specially crafted set of VNC packets can cause a type confusion resulting in stack overwrite, which could lead to code execution. An attacker can initiate a VNC session to trigger this...