2224 matches found
Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...
Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1750 Accusoft ImageGear tiffplanaradobe out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32284 SUMMARY An out-of-bounds write vulnerability exists in the tiffplanaradobe functionality of Accusoft ImageGear 20.1. A specially crafted...
Milesight UR32L libzebra.so change_hostname OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1699 Milesight UR32L libzebra.so changehostname OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22659 SUMMARY An os command injection vulnerability exists in the libzebra.so changehostname functionality of Milesight UR32L v32.3.0.5. A...
ESTsoft Alyac NT header out of bounds read
Talos Vulnerability Report TALOS-2022-1682 ESTsoft Alyac NT header out of bounds read February 2, 2023 CVE Number CVE-2022-43665 SUMMARY A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target...
OpenImageIO RLA format rle span out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1629 OpenImageIO RLA format rle span out-of-bounds read vulnerability December 22, 2022 CVE Number CVE-2022-36354 SUMMARY A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More...
OpenStack Kolla sudo privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1589 OpenStack Kolla sudo privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38060 SUMMARY A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers...
VMware vCenter Server Content Library denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1588 VMware vCenter Server Content Library denial of service vulnerability December 13, 2022 CVE Number CVE-2022-31698 SUMMARY A denial of service vulnerability exists in the Content Library functionality of VMware vCenter Server 6.5 Update 3t. A...
Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug OS Command Injection vulnerability
Talos Vulnerability Report TALOS-2022-1556 Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug OS Command Injection vulnerability October 20, 2022 CVE Number CVE-2022-32773 SUMMARY An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota...
Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'device_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘devicelist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2020-1182 Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability February 9, 2021 CVE Number CVE-2020-13571 Summary An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...
F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the fsckchkorphannode functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
NVIDIA NVWGF2UMX_CFG.DLL shader functionality denial-of-service vulnerability
Summary An exploitable denial of service vulnerability exists in NVIDIA NVWGF2UMXCFG.DLL version 26.21.14.4128 and 26.21.14.4166 on NVIDIA D3D10 and version 441.28 and 441.66 on NVIDIA Quadro K620. A specially crafted pixel shader can cause denial of service issues. An attacker can provide a...
Mozilla Firefox SharedWorkerService Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the SharedWorkerService functionality of Mozilla Firefox 76.0a1 2020-04-01 x64. A specially crafted HTML web page can cause a use after free condition, resulting in a remote code execution. The victim needs to visit malicious web site ...
Synology SRM SafeAccess 1.2.1-0220 code execution Vvulnerability
Summary An exploitable code execution vulnerability exists in the SafeAccess 1.2.1-0220 package of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted domain access request can lead to an SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Synolo...
Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities
Summary Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustio...
Accusoft ImageGear TIFF TIF_read_stripdata code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...
AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
Pixar Renderman install helper privilege escalation vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to...
ACD Systems Canvas Draw 4 Invert Map Out-of-Bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Simple DirectMedia Layer SDL2_Image IMG_LoadPCX_RW Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of SDL2image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to...
Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability
Summary A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. Tested Versions Simple DirectMedia Layer...
Iceni Argus icnChainAlloc Signed Comparison Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this...
Nitro Pro 10 PDF Handling Code Execution Vulnerability
Summary A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this...
Aerospike Database Server Client Message Memory Disclosure Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be use...
Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity
Talos Vulnerability Report TALOS-2016-0103 Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerabiity July 19, 2016 CVE Number CVE-2016-3581 Description While parsing a specially crafted TIFF file, a parser confussion can lead to a heap buffer overflow resulting in out of bounds memory...
Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0156 Oracle OIT ContentAccess libvsword Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3590 Description A partially controlled memory write vulnerability exists in Mac Word file format of Oracle Outside In Technology Content Access SDK. An...
The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability
SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...
Libarchive zip zip_read_mac_metadata Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the zip archive decompression functionality of libarchive. A specially crafted zip file can cause memory corruption leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS libarchi...
Microsoft Outlook for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1972 Microsoft Outlook for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-42220 SUMMARY A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook’s access...
Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1876 Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-48270 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11....
AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...
Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...
llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1914 llama.cpp GGUF library info-ne heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21802 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A special...
Weston Embedded uC-TCP-IP ICMP/ICMPv6 parsing denial of service vulnerabilities
Talos Vulnerability Report TALOS-2023-1828 Weston Embedded uC-TCP-IP ICMP/ICMPv6 parsing denial of service vulnerabilities February 20, 2024 CVE Number CVE-2023-39540,CVE-2023-39541 SUMMARY A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd web filtering Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1859 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web filtering Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-47618 SUMMARY A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link...
WWBN AVideo getLanguageFromBrowser local file inclusion vulnerability
Talos Vulnerability Report TALOS-2023-1886 WWBN AVideo getLanguageFromBrowser local file inclusion vulnerability January 10, 2024 CVE Number CVE-2023-47862 SUMMARY A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. ...
GPSd NTRIP Stream Parsing access violation vulnerability
Talos Vulnerability Report TALOS-2023-1860 GPSd NTRIP Stream Parsing access violation vulnerability December 5, 2023 CVE Number CVE-2023-43628 SUMMARY An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead...
Microsoft Office Professional Plus 2019 FCommitHtmlPivotCacheElement use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1835 Microsoft Office Professional Plus 2019 FCommitHtmlPivotCacheElement use-after-free vulnerability November 15, 2023 CVE Number CVE-2023-36041 SUMMARY A use-after-free vulnerability exists in the ElementType attribute parsing in Microsoft Office...
peplink Surf SOHO HW1 data.cgi xfer_dns OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1778 peplink Surf SOHO HW1 data.cgi xferdns OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-34356 SUMMARY An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A...
Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1742 Accusoft ImageGear tifprocessingdngchannelcount stack-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-28393 SUMMARY A stack-based buffer overflow vulnerability exists in the tifprocessingdngchannelcount functionality of Accusof...
Accusoft ImageGear allocate_buffer_for_jpeg_decoding out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1836 Accusoft ImageGear allocatebufferforjpegdecoding out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-40163 SUMMARY An out-of-bounds write vulnerability exists in the allocatebufferforjpegdecoding functionality of Accusoft ImageGear...
Open Babel MOL2 format attribute and value out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1664 Open Babel MOL2 format attribute and value out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-43607 SUMMARY An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master...
Milesight MilesightVPN requestHandlers.js LoginAuth SQL injection vulnerability
Talos Vulnerability Report TALOS-2023-1701 Milesight MilesightVPN requestHandlers.js LoginAuth SQL injection vulnerability July 6, 2023 CVE Number CVE-2023-22319 SUMMARY A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A...
Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtyshubus getfwlogs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted...
Lenovo Group Ltd. Smart Clock Essential SSH hard-coded password vulnerability
Talos Vulnerability Report TALOS-2023-1692 Lenovo Group Ltd. Smart Clock Essential SSH hard-coded password vulnerability April 13, 2023 CVE Number CVE-2023-0896 SUMMARY A hard-coded password vulnerability exists in the SSH, telnet functionality of Lenovo Group Ltd. Smart Clock Essential 4.9.113. ...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1638 Siretta QUARTZ-GOLD m2m DELETEFILE cmd OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40222 SUMMARY An OS command injection vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-14102...
Callback technologies CBFS Filter handle_ioctl_0x830a0_systembuffer null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1649 Callback technologies CBFS Filter handleioctl0x830a0systembuffer null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43590 SUMMARY A null pointer dereference vulnerability exists in the handleioctl0x830a0systembuffer functionalit...