2224 matches found
Advantech SQ Manager Server 1.0.6 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Advantech SQ...
Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...
Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...
Openscad import_stl.cc:import_stl() stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...
Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2020-1182 Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability February 9, 2021 CVE Number CVE-2020-13571 Summary An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially...
Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux
Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...
Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities
Summary Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustio...
AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
Pixar Renderman install helper privilege escalation vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to...
ACD Systems Canvas Draw 4 Invert Map Out-of-Bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Simple DirectMedia Layer SDL2_Image IMG_LoadPCX_RW Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of SDL2image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to...
Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability
Summary A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. Tested Versions Simple DirectMedia Layer...
Iceni Argus icnChainAlloc Signed Comparison Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this...
Nitro Pro 10 PDF Handling Code Execution Vulnerability
Summary A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this...
Aerospike Database Server Client Message Memory Disclosure Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be use...
Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity
Talos Vulnerability Report TALOS-2016-0103 Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity July 19, 2016 CVE Number CVE-2016-3581 Description While parsing a specially crafted TIFF file, a parser confussion can lead to a heap buffer overflow resulting in out of bounds memory...
Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0156 Oracle OIT ContentAccess libvsword Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3590 Description A partially controlled memory write vulnerability exists in Mac Word file format of Oracle Outside In Technology Content Access SDK. An...
The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability
SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...
Libarchive zip zip_read_mac_metadata Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the zip archive decompression functionality of libarchive. A specially crafted zip file can cause memory corruption leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS libarchi...
Microsoft Outlook for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1972 Microsoft Outlook for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-42220 SUMMARY A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook’s access...
Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1876 Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-48270 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11....
AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...
Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...
llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1914 llama.cpp GGUF library info-ne heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21802 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A special...
Weston Embedded uC-TCP-IP ICMP/ICMPv6 parsing denial of service vulnerabilities
Talos Vulnerability Report TALOS-2023-1828 Weston Embedded uC-TCP-IP ICMP/ICMPv6 parsing denial of service vulnerabilities February 20, 2024 CVE Number CVE-2023-39540,CVE-2023-39541 SUMMARY A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded...
WWBN AVideo getLanguageFromBrowser local file inclusion vulnerability
Talos Vulnerability Report TALOS-2023-1886 WWBN AVideo getLanguageFromBrowser local file inclusion vulnerability January 10, 2024 CVE Number CVE-2023-47862 SUMMARY A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. ...
GPSd NTRIP Stream Parsing access violation vulnerability
Talos Vulnerability Report TALOS-2023-1860 GPSd NTRIP Stream Parsing access violation vulnerability December 5, 2023 CVE Number CVE-2023-43628 SUMMARY An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead...
Microsoft Office Professional Plus 2019 FCommitHtmlPivotCacheElement use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1835 Microsoft Office Professional Plus 2019 FCommitHtmlPivotCacheElement use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-36041 SUMMARY A use-after-free vulnerability exists in the ElementType attribute parsing in Microsoft Office...
peplink Surf SOHO HW1 data.cgi xfer_dns OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1778 peplink Surf SOHO HW1 data.cgi xferdns OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-34356 SUMMARY An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A...
Accusoft ImageGear allocate_buffer_for_jpeg_decoding out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1836 Accusoft ImageGear allocatebufferforjpegdecoding out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-40163 SUMMARY An out-of-bounds write vulnerability exists in the allocatebufferforjpegdecoding functionality of Accusoft ImageGear...
Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1742 Accusoft ImageGear tifprocessingdngchannelcount stack-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-28393 SUMMARY A stack-based buffer overflow vulnerability exists in the tifprocessingdngchannelcount functionality of Accusof...
Milesight MilesightVPN requestHandlers.js LoginAuth SQL injection vulnerability
Talos Vulnerability Report TALOS-2023-1701 Milesight MilesightVPN requestHandlers.js LoginAuth SQL injection vulnerability July 6, 2023 CVE Number CVE-2023-22319 SUMMARY A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A...
Milesight UR32L libzebra.so change_hostname OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1699 Milesight UR32L libzebra.so changehostname OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22659 SUMMARY An os command injection vulnerability exists in the libzebra.so changehostname functionality of Milesight UR32L v32.3.0.5. A...
Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtyshubus getfwlogs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted...
Lenovo Group Ltd. Smart Clock Essential SSH hard-coded password vulnerability
Talos Vulnerability Report TALOS-2023-1692 Lenovo Group Ltd. Smart Clock Essential SSH hard-coded password vulnerability April 13, 2023 CVE Number CVE-2023-0896 SUMMARY A hard-coded password vulnerability exists in the SSH, telnet functionality of Lenovo Group Ltd. Smart Clock Essential 4.9.113. ...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1638 Siretta QUARTZ-GOLD m2m DELETEFILE cmd OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40222 SUMMARY An OS command injection vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-14102...
OpenStack Kolla sudo privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1589 OpenStack Kolla sudo privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38060 SUMMARY A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers...
Callback technologies CBFS Filter handle_ioctl_0x830a0_systembuffer null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1649 Callback technologies CBFS Filter handleioctl0x830a0systembuffer null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43590 SUMMARY A null pointer dereference vulnerability exists in the handleioctl0x830a0systembuffer functionalit...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/factory* authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1554 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/factory authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-29477 SUMMARY An authentication bypass vulnerability exists in the web interface /action/factory...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1564 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability October 20, 2022 CVE Number CVE-2022-32775 SUMMARY An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost...
Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1582 Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability October 20, 2022 CVE Number CVE-2022-35244 SUMMARY A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iot...
WWBN AVideo all cross-site request forgery (csrf) vulnerability
Talos Vulnerability Report TALOS-2022-1534 WWBN AVideo all cross-site request forgery csrf vulnerability August 16, 2022 CVE Number CVE-2022-29468 SUMMARY A cross-site request forgery CSRF vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request ca...
WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-30534 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit...
TCL LinkHub Mesh Wi-Fi confsrv confctl_set_app_language stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1462 TCL LinkHub Mesh Wi-Fi confsrv confctlsetapplanguage stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23103 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv confctlsetapplanguage functionality of TCL...
TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability
Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...
TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1483 TCL LinkHub Mesh Wi-Fi confsrv ucloudsetnodelocation stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-26009 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL...