2224 matches found
Aerospike Database Server Index Name Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5TCOMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
Apple Image I/O EXR Color Component Remote Code Execution Vulnerability
SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...
Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability
SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...
Libgraphite directrun Opcode Handling Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0058 Libgraphite directrun Opcode Handling Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1521 Description An exploitable out-of-bounds read vulnerability exists in the opcode handling functionality of Libgraphite. A specially crafted font...
Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0057 Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable out-of-bounds access vulnerability exists in the bidirectional font handling functionality of Libgraphite. A...
Network Time Protocol Private Mode 'reslist' NULL Pointer Dereference Vulnerability
Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by causing a NULL pointer dereference. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must exist in the restrict list to...
Network Time Protocol ntpq Control Protocol Replay Vulnerability
CERT VU357792 Summary The ntpq protocol is vulnerable to replay attacks. The sequence number being included under the signature fails to prevent replay attacks for two reasons. Commands that don’t require authentication can be used to move the sequence number forward, and NTP doesn’t actually car...
Network Time Protocol ntpq Special Character Filtering Vulnerability
Summary The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Only back slash and forward slash are currently filtered out. There are other special characters that are allowed in the filename which can cause issues during globbing. In additio...
RTMPDump rtmpsrv PlayPath Null Pointer Dereference
Talos Vulnerability Report TALOS-2016-0068 RTMPDump rtmpsrv PlayPath Null Pointer Dereference January 7, 2016 CVE Number CVE-2015-8272 Description A vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media stream that is missing a playpath...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Network Time Protocol Trusted Keys Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0054 Network Time Protocol Trusted Keys Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7849 Description An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially...
Network Time Protocol ntpd multiple integer overflow read access violations
Talos Vulnerability Report TALOS-2015-0052 Network Time Protocol ntpd multiple integer overflow read access violations October 21, 2015 CVE Number CVE-2015-7848 Description When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy...
Network Time Protocol Remote Configuration Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0055 Network Time Protocol Remote Configuration Denial of Service Vulnerability October 21, 2015 CVE Number CVE-2015-7850 Description An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol....
Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1968 Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38062 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0xC9 functionality of Microsoft...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability
Talos Vulnerability Report TALOS-2023-1854 TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability February 6, 2024 CVE Number CVE-2023-47209 SUMMARY A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-36498 SUMMARY A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206...
Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability
Talos Vulnerability Report TALOS-2023-1833 Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability November 27, 2023 CVE Number CVE-2023-40194 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to...
Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...
Milesight UR32L eventcore access violation vulnerability
Talos Vulnerability Report TALOS-2023-1696 Milesight UR32L eventcore access violation vulnerability July 6, 2023 CVE Number CVE-2023-23571 SUMMARY An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to...
Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1718 Milesight UR32L urvpnclient httpconnectionreadcb stack-based buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24019 SUMMARY A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesigh...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability
Talos Vulnerability Report TALOS-2022-1565 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability October 20, 2022 CVE Number CVE-2022-32574 SUMMARY A double-free vulnerability exists in the web interface /action/ipcamSetParamPost...
InHand Networks InRouter302 web interface session cookie information disclosure vulnerability
Summary An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...
Advantech SQ Manager Server 1.0.6 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Advantech SQ...
Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...
Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability
Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 homesecurity wificountrycodeupdate command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...
Accusoft ImageGear TIF bits_per_sample processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIF bitspersample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Openscad import_stl.cc:import_stl() stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...
BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...
Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux
Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...
Siemens LOGO! Web Server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...
Glacies IceHRM Admin Reports SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability
Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...
Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the DHCP monitor’s hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...
Schneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An outdated firmware image can cause the device to enter a non-recoverable fault state,...
Schneider Electric Modicon M580 HTTP Request Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the HTTP request processing of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. An appropriately timed HTTP request can cause the device to enter a non-recoverable fault state, resultin...
Circle with Disney WiFi Security Downgrade Vulnerability
Summary An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one, can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a...
Apache OpenOffice DOC WW8Fonts Constructor Code Execution Vulnerability
Summary An exploitable out of bound write vulnerability exists in the WW8Fonts::WW8Fonts functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out of bound write potentially resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
Oracle Outside In Technology RTF Parsing Code Execution Vulnerability
Summary An exploitable Use After Free vulnerability exists in the RTF parser functionality of Oracle Outside In Technology SDK. A specially crafted RTF document can cause a reuse of a reference to the previously freed memory which can be manipulated into achieving arbitrary code execution. Tested...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability
Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities
Talos Vulnerability Report TALOS-2016-0031 Ruby TclTkIp ipcanceleval Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2337 DESCRIPTION Type Confusion exists in canceleval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can...
Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report TALOS-2015-0024 Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities July 16, 2015 CVE Number CVE-2015-2869 Description Multiple exploitable denial of service vulnerabilities exist in the FileInfo Plugin for Total Commander. An attacker who can...
GoCast NAT parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...
Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1894 Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-41251 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11....
AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24963,CVE-2024-24962 SUMMARY A stack-based buffer overflow vulnerability exists in the Programming Software...
GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1785 GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-35956,CVE-2023-35957,CVE-2023-35958,CVE-2023-35955 SUMMARY Multiple heap-based buffer overflow vulnerabilities exist in the...
Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...