Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2016/01/07 12:0 a.m.43 views

RTMPDump rtmpsrv PlayPath Null Pointer Dereference

Talos Vulnerability Report TALOS-2016-0068 RTMPDump rtmpsrv PlayPath Null Pointer Dereference January 7, 2016 CVE Number CVE-2015-8272 Description A vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media stream that is missing a playpath...

6.5CVSS7.7AI score0.02732EPSS
Exploits1
Talos
Talos
added 2015/12/08 12:0 a.m.43 views

Microsoft .NET Manifest Resource Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...

4.3CVSS6.5AI score0.19485EPSS
Exploits0
Talos
Talos
added 2015/10/21 12:0 a.m.43 views

Network Time Protocol Trusted Keys Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2015-0054 Network Time Protocol Trusted Keys Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7849 Description An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially...

8.8CVSS9.6AI score0.16848EPSS
Exploits0
Talos
Talos
added 2015/10/21 12:0 a.m.43 views

Network Time Protocol ntpd multiple integer overflow read access violations

Talos Vulnerability Report TALOS-2015-0052 Network Time Protocol ntpd multiple integer overflow read access violations October 21, 2015 CVE Number CVE-2015-7848 Description When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy...

7.5CVSS9AI score0.06096EPSS
Exploits1
Talos
Talos
added 2015/10/21 12:0 a.m.43 views

Network Time Protocol Remote Configuration Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0055 Network Time Protocol Remote Configuration Denial of Service Vulnerability October 21, 2015 CVE Number CVE-2015-7850 Description An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol....

6.5CVSS7.6AI score0.04973EPSS
Exploits0
Talos
Talos
added 2024/08/13 12:0 a.m.42 views

Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1968 Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38062 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xC9 functionality of Microsoft...

7.8CVSS6.9AI score0.01626EPSS
Exploits0
Talos
Talos
added 2024/06/25 12:0 a.m.42 views

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cliserver debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cliserver debug functionality of Tp-Link ER7206 Omada Gigabit VPN...

7.2CVSS7.2AI score0.00871EPSS
Exploits1
Talos
Talos
added 2024/02/06 12:0 a.m.42 views

TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability

Talos Vulnerability Report TALOS-2023-1854 TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability February 6, 2024 CVE Number CVE-2023-47209 SUMMARY A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada...

7.2CVSS7.9AI score0.03442EPSS
Exploits1
Talos
Talos
added 2024/02/06 12:0 a.m.42 views

TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability

Talos Vulnerability Report TALOS-2023-1857 TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability February 6, 2024 CVE Number CVE-2023-46683 SUMMARY A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality ...

7.2CVSS7.7AI score0.03442EPSS
Exploits1
Talos
Talos
added 2024/02/06 12:0 a.m.42 views

TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability

Talos Vulnerability Report TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-36498 SUMMARY A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206...

7.2CVSS7.8AI score0.03442EPSS
Exploits1
Talos
Talos
added 2024/01/08 12:0 a.m.42 views

GTKWave FST fstReaderIterBlocks2 chain_table allocation integer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1798 GTKWave FST fstReaderIterBlocks2 chaintable allocation integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-36915,CVE-2023-36916 SUMMARY Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chaintable allocation...

7.8CVSS8.1AI score0.00436EPSS
Exploits2
Talos
Talos
added 2023/11/27 12:0 a.m.42 views

Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability

Talos Vulnerability Report TALOS-2023-1833 Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability November 27, 2023 CVE Number CVE-2023-40194 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to...

8.8CVSS8.8AI score0.02001EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.42 views

SoftEther VPN ClientConnect() information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1768 SoftEther VPN ClientConnect information disclosure vulnerability October 12, 2023 CVE Number CVE-2023-31192 SUMMARY An information disclosure vulnerability exists in the ClientConnect functionality of SoftEther VPN 5.01.9674. A specially crafted network...

5.3CVSS5.6AI score0.00976EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.42 views

Milesight UR32L eventcore access violation vulnerability

Talos Vulnerability Report TALOS-2023-1696 Milesight UR32L eventcore access violation vulnerability July 6, 2023 CVE Number CVE-2023-23571 SUMMARY An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to...

7.5CVSS7.7AI score0.01078EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.42 views

Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1718 Milesight UR32L urvpnclient httpconnectionreadcb stack-based buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24019 SUMMARY A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesigh...

8.1CVSS8AI score0.00983EPSS
Exploits1
Talos
Talos
added 2023/05/10 12:0 a.m.42 views

Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2022-1681 Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability May 10, 2023 CVE Number CVE-2022-46377,CVE-2022-46378 SUMMARY An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of...

7.5CVSS7AI score0.0148EPSS
Exploits2
Talos
Talos
added 2023/01/26 12:0 a.m.42 views

Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1608 Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-38459 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD...

8.8CVSS8.1AI score0.03861EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.42 views

Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability

Talos Vulnerability Report TALOS-2022-1565 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability October 20, 2022 CVE Number CVE-2022-32574 SUMMARY A double-free vulnerability exists in the web interface /action/ipcamSetParamPost...

7.5CVSS7AI score0.01487EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.42 views

InHand Networks InRouter302 web interface session cookie information disclosure vulnerability

Summary An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...

7.5CVSS6.3AI score0.0099EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.42 views

Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...

9.1CVSS7.7AI score0.02817EPSS
Exploits1
Talos
Talos
added 2021/11/29 12:0 a.m.42 views

Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability

Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 homesecurity wificountrycodeupdate command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of...

9.9CVSS10AI score0.02433EPSS
Exploits1
Talos
Talos
added 2021/11/22 12:0 a.m.42 views

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘userlist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities with the administrativ...

7.7CVSS6.1AI score0.01134EPSS
Exploits2
Talos
Talos
added 2021/11/15 12:0 a.m.42 views

Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

7.2CVSS6.8AI score0.02386EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.42 views

Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities

Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

9.1CVSS10AI score0.02915EPSS
Exploits3
Talos
Talos
added 2021/08/10 12:0 a.m.42 views

AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...

9.8CVSS9.1AI score0.02274EPSS
Exploits1
Talos
Talos
added 2021/06/01 12:0 a.m.42 views

Accusoft ImageGear TIF bits_per_sample processing out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the TIF bitspersample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...

9.8CVSS7.9AI score0.0067EPSS
Exploits0
Talos
Talos
added 2021/02/23 12:0 a.m.42 views

Openscad import_stl.cc:import_stl() stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...

8.8CVSS8AI score0.01956EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.42 views

Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This...

5.5CVSS4.8AI score0.01164EPSS
Exploits1
Talos
Talos
added 2020/11/06 12:0 a.m.42 views

BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability

Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...

8.8CVSS8.2AI score0.01103EPSS
Exploits1
Talos
Talos
added 2020/11/05 12:0 a.m.42 views

Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux

Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...

7.8CVSS7.9AI score0.51275EPSS
Exploits0
Talos
Talos
added 2020/07/15 12:0 a.m.42 views

Siemens LOGO! Web Server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...

9.8CVSS10AI score0.09071EPSS
Exploits1
Talos
Talos
added 2020/07/10 12:0 a.m.42 views

Glacies IceHRM Admin Reports SQL injection Vulnerability

Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...

7.2CVSS7.2AI score0.01727EPSS
Exploits1
Talos
Talos
added 2020/06/03 12:0 a.m.42 views

Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability

Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...

8.8CVSS8.3AI score0.04264EPSS
Exploits1
Talos
Talos
added 2020/05/06 12:0 a.m.42 views

Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the DHCP monitor’s hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...

8.6CVSS8.2AI score0.02445EPSS
Exploits1
Talos
Talos
added 2019/10/08 12:0 a.m.42 views

Schneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An outdated firmware image can cause the device to enter a non-recoverable fault state,...

4.9CVSS5.6AI score0.00959EPSS
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.42 views

Schneider Electric Modicon M580 HTTP Request Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the HTTP request processing of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. An appropriately timed HTTP request can cause the device to enter a non-recoverable fault state, resultin...

7.1CVSS5.9AI score0.011EPSS
Exploits0
Talos
Talos
added 2017/10/31 12:0 a.m.42 views

Circle with Disney WiFi Security Downgrade Vulnerability

Summary An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one, can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a...

6.5CVSS6.3AI score0.00679EPSS
Exploits2
Talos
Talos
added 2017/10/26 12:0 a.m.42 views

Apache OpenOffice DOC WW8Fonts Constructor Code Execution Vulnerability

Summary An exploitable out of bound write vulnerability exists in the WW8Fonts::WW8Fonts functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out of bound write potentially resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to...

7.8CVSS7.8AI score0.01805EPSS
Exploits1
Talos
Talos
added 2017/04/10 12:0 a.m.42 views

Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities

Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...

7.5CVSS6.2AI score0.00823EPSS
Exploits2
Talos
Talos
added 2017/01/17 12:0 a.m.42 views

Oracle Outside In Technology RTF Parsing Code Execution Vulnerability

Summary An exploitable Use After Free vulnerability exists in the RTF parser functionality of Oracle Outside In Technology SDK. A specially crafted RTF document can cause a reuse of a reference to the previously freed memory which can be manipulated into achieving arbitrary code execution. Tested...

8.6CVSS9.3AI score0.02081EPSS
Exploits1
Talos
Talos
added 2016/10/25 12:0 a.m.42 views

LibTIFF PixarLogDecode Remote Code Execution Vulnerability

Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...

0.5AI score
Exploits1
Talos
Talos
added 2016/06/14 12:0 a.m.42 views

Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities

Talos Vulnerability Report TALOS-2016-0031 Ruby TclTkIp ipcanceleval Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2337 DESCRIPTION Type Confusion exists in canceleval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can...

9.8CVSS0.1AI score0.06204EPSS
Exploits2
Talos
Talos
added 2015/07/16 12:0 a.m.42 views

Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities

Talos Vulnerability Report TALOS-2015-0024 Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities July 16, 2015 CVE Number CVE-2015-2869 Description Multiple exploitable denial of service vulnerabilities exist in the FileInfo Plugin for Total Commander. An attacker who can...

5CVSS6.6AI score0.03657EPSS
Exploits0
Talos
Talos
added 2024/11/21 12:0 a.m.41 views

GoCast NAT parameter OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...

9.8CVSS8AI score0.06292EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.41 views

Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1894 Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-41251 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11....

7.2CVSS7.8AI score0.01283EPSS
Exploits0
Talos
Talos
added 2024/05/28 12:0 a.m.41 views

AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...

9.8CVSS9.8AI score0.01163EPSS
Exploits2
Talos
Talos
added 2024/01/08 12:0 a.m.41 views

GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1785 GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-35956,CVE-2023-35957,CVE-2023-35958,CVE-2023-35955 SUMMARY Multiple heap-based buffer overflow vulnerabilities exist in the...

7.8CVSS7.9AI score0.00438EPSS
Exploits4
Talos
Talos
added 2023/10/11 12:0 a.m.41 views

Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...

9.8CVSS9.7AI score0.00773EPSS
Exploits0
Talos
Talos
added 2023/10/11 12:0 a.m.41 views

Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...

9.8CVSS9.8AI score0.00773EPSS
Exploits0
Talos
Talos
added 2023/10/11 12:0 a.m.41 views

Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...

9.8CVSS9.8AI score0.01292EPSS
Exploits0
Total number of security vulnerabilities2224