2224 matches found
RTMPDump rtmpsrv PlayPath Null Pointer Dereference
Talos Vulnerability Report TALOS-2016-0068 RTMPDump rtmpsrv PlayPath Null Pointer Dereference January 7, 2016 CVE Number CVE-2015-8272 Description A vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media stream that is missing a playpath...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Network Time Protocol Trusted Keys Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0054 Network Time Protocol Trusted Keys Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7849 Description An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially...
Network Time Protocol ntpd multiple integer overflow read access violations
Talos Vulnerability Report TALOS-2015-0052 Network Time Protocol ntpd multiple integer overflow read access violations October 21, 2015 CVE Number CVE-2015-7848 Description When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy...
Network Time Protocol Remote Configuration Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0055 Network Time Protocol Remote Configuration Denial of Service Vulnerability October 21, 2015 CVE Number CVE-2015-7850 Description An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol....
Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1968 Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38062 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xC9 functionality of Microsoft...
Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cliserver debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cliserver debug functionality of Tp-Link ER7206 Omada Gigabit VPN...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability
Talos Vulnerability Report TALOS-2023-1854 TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability February 6, 2024 CVE Number CVE-2023-47209 SUMMARY A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability
Talos Vulnerability Report TALOS-2023-1857 TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability February 6, 2024 CVE Number CVE-2023-46683 SUMMARY A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality ...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-36498 SUMMARY A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206...
GTKWave FST fstReaderIterBlocks2 chain_table allocation integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1798 GTKWave FST fstReaderIterBlocks2 chaintable allocation integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-36915,CVE-2023-36916 SUMMARY Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chaintable allocation...
Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability
Talos Vulnerability Report TALOS-2023-1833 Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability November 27, 2023 CVE Number CVE-2023-40194 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to...
SoftEther VPN ClientConnect() information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1768 SoftEther VPN ClientConnect information disclosure vulnerability October 12, 2023 CVE Number CVE-2023-31192 SUMMARY An information disclosure vulnerability exists in the ClientConnect functionality of SoftEther VPN 5.01.9674. A specially crafted network...
Milesight UR32L eventcore access violation vulnerability
Talos Vulnerability Report TALOS-2023-1696 Milesight UR32L eventcore access violation vulnerability July 6, 2023 CVE Number CVE-2023-23571 SUMMARY An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to...
Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1718 Milesight UR32L urvpnclient httpconnectionreadcb stack-based buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24019 SUMMARY A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesigh...
Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1681 Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability May 10, 2023 CVE Number CVE-2022-46377,CVE-2022-46378 SUMMARY An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of...
Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1608 Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-38459 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability
Talos Vulnerability Report TALOS-2022-1565 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability October 20, 2022 CVE Number CVE-2022-32574 SUMMARY A double-free vulnerability exists in the web interface /action/ipcamSetParamPost...
InHand Networks InRouter302 web interface session cookie information disclosure vulnerability
Summary An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...
Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...
Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability
Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 homesecurity wificountrycodeupdate command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘userlist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities with the administrativ...
Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...
Accusoft ImageGear TIF bits_per_sample processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIF bitspersample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Openscad import_stl.cc:import_stl() stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...
Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability
Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This...
BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...
Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux
Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...
Siemens LOGO! Web Server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...
Glacies IceHRM Admin Reports SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability
Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...
Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the DHCP monitor’s hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...
Schneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An outdated firmware image can cause the device to enter a non-recoverable fault state,...
Schneider Electric Modicon M580 HTTP Request Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the HTTP request processing of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. An appropriately timed HTTP request can cause the device to enter a non-recoverable fault state, resultin...
Circle with Disney WiFi Security Downgrade Vulnerability
Summary An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one, can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a...
Apache OpenOffice DOC WW8Fonts Constructor Code Execution Vulnerability
Summary An exploitable out of bound write vulnerability exists in the WW8Fonts::WW8Fonts functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out of bound write potentially resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
Oracle Outside In Technology RTF Parsing Code Execution Vulnerability
Summary An exploitable Use After Free vulnerability exists in the RTF parser functionality of Oracle Outside In Technology SDK. A specially crafted RTF document can cause a reuse of a reference to the previously freed memory which can be manipulated into achieving arbitrary code execution. Tested...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability
Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities
Talos Vulnerability Report TALOS-2016-0031 Ruby TclTkIp ipcanceleval Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2337 DESCRIPTION Type Confusion exists in canceleval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can...
Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report TALOS-2015-0024 Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities July 16, 2015 CVE Number CVE-2015-2869 Description Multiple exploitable denial of service vulnerabilities exist in the FileInfo Plugin for Total Commander. An attacker who can...
GoCast NAT parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...
Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1894 Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-41251 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11....
AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...
GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1785 GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-35956,CVE-2023-35957,CVE-2023-35958,CVE-2023-35955 SUMMARY Multiple heap-based buffer overflow vulnerabilities exist in the...
Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...
Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...
Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...