Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2022/04/14 12:0 a.m.45 views

ArduPilot APWeb cgi.c unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested...

9.8CVSS7.5AI score0.01684EPSS
Exploits1
Talos
Talos
added 2022/03/15 12:0 a.m.45 views

Leadtools fltSaveCMP integer overflow vulnerability

Summary An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. Tested Versions...

8.8CVSS8AI score0.00983EPSS
Exploits1
Talos
Talos
added 2022/02/23 12:0 a.m.45 views

Accusoft ImageGear JPEG-JFIF Scan header parser out-of-bounds write vulnerability

Summary An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this...

9.8CVSS8.7AI score0.01084EPSS
Exploits1
Talos
Talos
added 2022/01/27 12:0 a.m.45 views

Google Chrome MediaStreamTrackGenerator use after free vulnerability

Summary A potential code execution vulnerability exists in the MediaStreamTrackGenerator functionality of Google Chrome 94.0.4606.81 Stable and 97.0.4674.1 Canary. A specially-crafted web page can lead to use-after-free. An attacker can provide a malicious web site to trigger this vulnerability...

8.8CVSS9.1AI score0.01362EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.45 views

Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability

Summary When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an...

9.8CVSS9.6AI score0.15684EPSS
Exploits1
Talos
Talos
added 2021/10/18 12:0 a.m.45 views

ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability

Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...

6.1CVSS6.6AI score0.00562EPSS
Exploits0
Talos
Talos
added 2021/08/11 12:0 a.m.45 views

AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability

Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...

9.8CVSS9.1AI score0.01136EPSS
Exploits1
Talos
Talos
added 2021/04/13 12:0 a.m.45 views

Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability

Summary An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...

6.2CVSS6.6AI score0.01028EPSS
Exploits1
Talos
Talos
added 2020/07/31 12:0 a.m.45 views

Microsoft Azure Sphere Normal World application /proc/self/mem unsigned code execution vulnerability

Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...

7.3CVSS7.4AI score0.01614EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.45 views

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability

Summary An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...

9.8CVSS8.2AI score0.03636EPSS
Exploits1
Talos
Talos
added 2019/04/25 12:0 a.m.45 views

Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability

Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the devi...

7.5CVSS7.8AI score0.04011EPSS
Exploits3
Talos
Talos
added 2019/03/11 12:0 a.m.45 views

CleanMyMac X incomplete update patch privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access c...

7.1CVSS6.1AI score0.00398EPSS
Exploits0
Talos
Talos
added 2018/07/19 12:0 a.m.45 views

ACD Systems Canvas Draw 4 setRasterData Heap Overflow Code Execution Vulnerability

Summary An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerabili...

8.8CVSS8.3AI score0.01793EPSS
Exploits1
Talos
Talos
added 2018/07/19 12:0 a.m.45 views

Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.5AI score0.02347EPSS
Exploits1
Talos
Talos
added 2018/07/10 12:0 a.m.45 views

Antenna House Office Server Document Converter vbgetfp code execution vulnerability

Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...

8.8CVSS8.1AI score0.01639EPSS
Exploits0
Talos
Talos
added 2018/06/19 12:0 a.m.45 views

Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary...

9.1AI score
Exploits0
Talos
Talos
added 2018/01/09 12:0 a.m.45 views

CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability

Summary An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigg...

6.8CVSS5.6AI score0.01399EPSS
Exploits2
Talos
Talos
added 2018/01/09 12:0 a.m.45 views

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability

Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...

8.1CVSS6.2AI score0.01599EPSS
Exploits2
Talos
Talos
added 2017/11/15 12:0 a.m.45 views

libxls read_MSAT Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the readMSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...

8.8CVSS7.5AI score0.02061EPSS
Exploits1
Talos
Talos
added 2017/10/31 12:0 a.m.45 views

Circle with Disney check_torlist.sh Update Code Execution Vulnerability

Summary An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this...

9.6CVSS8.6AI score0.00805EPSS
Exploits2
Talos
Talos
added 2017/06/19 12:0 a.m.45 views

Foscam IP Video Camera CGIProxy.fcgi Account Creation Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting...

8.8CVSS9.2AI score0.07802EPSS
Exploits2
Talos
Talos
added 2017/04/27 12:0 a.m.45 views

Zabbix Proxy Server SQL Database Write Vulnerability

Summary An exploitable database write vulnerability exists in the trapper functionality of Zabbix Server 2.4.X . Specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker set up a Man-in-the-Middle server to alter trapper requests made between ...

7CVSS7.1AI score0.04385EPSS
Exploits2
Talos
Talos
added 2017/03/07 12:0 a.m.45 views

Pharos PopUp Printer Client DecodeString Code Execution Vulnerability

Summary A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim’s computer and can lead to an out of bounds read causing a crash and a denial of service. Tested Versions Pharos PopUp...

7.5CVSS6.2AI score0.02109EPSS
Exploits1
Talos
Talos
added 2017/02/27 12:0 a.m.45 views

Ichitaro Office Excel File Code Execution Vulnerability

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel’s .xls file format. When processing a record type of 0x3c from a Workbook...

9.8CVSS0.1AI score0.01889EPSS
Exploits1
Talos
Talos
added 2016/08/04 12:0 a.m.45 views

Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0150 Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4295 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...

7.8CVSS0.1AI score0.02232EPSS
Exploits2
Talos
Talos
added 2016/07/19 12:0 a.m.45 views

Oracle OIT IX SDK TIFF file parsing heap buffer overflow

Talos Vulnerability Report TALOS-2016-0104 Oracle OIT IX SDK TIFF file parsing heap buffer overflow July 19, 2016 CVE Number CVE-2016-3582 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory overwrite and...

9CVSS8.9AI score0.0393EPSS
Exploits1
Talos
Talos
added 2016/07/19 12:0 a.m.45 views

Oracle OIT IX SDK libvs_pdf arbitrary pointer access

Talos Vulnerability Report TALOS-2016-0101 Oracle OIT IX SDK libvspdf arbitrary pointer access July 19, 2016 CVE Number CVE-2016-3579 Description When parsing a specially crafted PDF document, a value derived from a file is used as a memory pointer leading to a process crash. Tested Versions...

9CVSS8.3AI score0.0393EPSS
Exploits1
Talos
Talos
added 2016/06/19 12:0 a.m.45 views

Libarchive mtree parse_device Code Execution Vulnerability

SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parsedevice functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...

7.8CVSS0.3AI score0.03716EPSS
Exploits2
Talos
Talos
added 2015/08/13 12:0 a.m.45 views

Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0014 Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3790 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an mvhd atom can cause an...

6.8CVSS9AI score0.03635EPSS
Exploits0
Talos
Talos
added 2023/11/15 12:0 a.m.44 views

Adobe Acrobat Reader Thermometer use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1794 Adobe Acrobat Reader Thermometer use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-44336 SUMMARY A use-after-free vulnerability exists in the Thermometer Javascript object in Adobe Acrobat Reader 2023.001.20174. Specially crafted...

7.8CVSS8.2AI score0.02309EPSS
Exploits0
Talos
Talos
added 2022/12/21 12:0 a.m.44 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

9.6CVSS5AI score0.18914EPSS
Exploits1
Talos
Talos
added 2022/12/06 12:0 a.m.44 views

NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability

Talos Vulnerability Report TALOS-2022-1603 NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality MOV instruction index functionality of NVIDIA...

8.8CVSS8.8AI score0.01387EPSS
Exploits0
Talos
Talos
added 2022/10/20 12:0 a.m.44 views

Abode Systems, Inc. iota All-In-One Security Kit console_main_loop :sys OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1561 Abode Systems, Inc. iota All-In-One Security Kit consolemainloop :sys OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29520 SUMMARY An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode...

9.8CVSS9.3AI score0.02803EPSS
Exploits1
Talos
Talos
added 2022/08/03 12:0 a.m.44 views

ESTsoft Alyac OLE header parsing integer overflow

Talos Vulnerability Report TALOS-2022-1527 ESTsoft Alyac OLE header parsing integer overflow August 3, 2022 CVE Number CVE-2022-32543 SUMMARY An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overfl...

7.8CVSS6.9AI score0.00457EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.44 views

InHand Networks InRouter302 console factory OS command injection vulnerability

Summary An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand...

9.1CVSS7.5AI score0.05359EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.44 views

Apple macOS SMB server directory query request integer overflow vulnerability

Summary A memory corruption vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an integer overflow when handling directory query requests which can result in memory corruption, potentially leading to remote code execution and denial of service...

8.1CVSS9.2AI score0.0202EPSS
Exploits0
Talos
Talos
added 2021/04/13 12:0 a.m.44 views

Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability

Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...

9.3CVSS9.1AI score0.01216EPSS
Exploits1
Talos
Talos
added 2021/03/30 12:0 a.m.44 views

Accusoft ImageGear SGI format buffer size processing out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...

9.8CVSS9.2AI score0.01257EPSS
Exploits1
Talos
Talos
added 2020/08/24 12:0 a.m.44 views

Google Chrome WebGL code execution vulnerability

Summary A use-after-free read vulnerability exists in Google Chrome 81.0.4044.138 Stable, 84.0.4136.5 Dev and 84.0.4143.7 Canary, when a WebGL component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of...

9.6CVSS9.6AI score0.00699EPSS
Exploits1
Talos
Talos
added 2020/07/14 12:0 a.m.44 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality MOV REG Code Execution Vulnerability

Summary An exploitable memory corruption vulnerability exists in AMD atidxx64.dll graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially coul...

9.9CVSS9.6AI score0.02081EPSS
Exploits1
Talos
Talos
added 2019/12/02 12:0 a.m.44 views

Accusoft ImageGear TIFF TIF_decode_thunderscan code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed...

9.8CVSS9AI score0.03612EPSS
Exploits1
Talos
Talos
added 2019/02/12 12:0 a.m.44 views

Adobe Acrobat Reader DC text field "comb" property remote code execution vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...

10CVSS9.8AI score0.04253EPSS
Exploits0
Talos
Talos
added 2018/07/26 12:0 a.m.44 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.1AI score
Exploits0
Talos
Talos
added 2018/07/26 12:0 a.m.44 views

Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...

8.2CVSS8.3AI score0.0041EPSS
Exploits2
Talos
Talos
added 2018/07/19 12:0 a.m.44 views

ACD Systems Canvas Draw 4 IO Metadata Out-of-Bounds Write Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

8.8CVSS7.9AI score0.01444EPSS
Exploits1
Talos
Talos
added 2018/07/11 12:0 a.m.44 views

Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...

8.8CVSS8.2AI score0.01469EPSS
Exploits1
Talos
Talos
added 2018/04/13 12:0 a.m.44 views

Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability

Summary An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Tested Versions Mo...

8.8CVSS8.9AI score0.01011EPSS
Exploits2
Talos
Talos
added 2018/04/11 12:0 a.m.44 views

Computerinsel Photoline TIFF Bits Per Pixel Parsing Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the TIFF parsing functionality of Computerinsel Photoline 20.53. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...

8.8CVSS8.2AI score0.01036EPSS
Exploits1
Talos
Talos
added 2018/01/10 12:0 a.m.44 views

rails_admin rails gem XSS vulnerability

Summary An exploitable XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an...

6.1CVSS6.1AI score0.01279EPSS
Exploits3
Talos
Talos
added 2017/12/19 12:0 a.m.44 views

VMware VNC Pointer Decode Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the remote management functionality of VMware . A specially crafted set of VNC packets can cause a type confusion resulting in stack overwrite, which could lead to code execution. An attacker can initiate a VNC session to trigger this...

8.8CVSS8.9AI score0.03157EPSS
Exploits1
Total number of security vulnerabilities2224