2224 matches found
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1564 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability October 20, 2022 CVE Number CVE-2022-32775 SUMMARY An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost...
Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1582 Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability October 20, 2022 CVE Number CVE-2022-35244 SUMMARY A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iot...
WWBN AVideo all cross-site request forgery (csrf) vulnerability
Talos Vulnerability Report TALOS-2022-1534 WWBN AVideo all cross-site request forgery csrf vulnerability August 16, 2022 CVE Number CVE-2022-29468 SUMMARY A cross-site request forgery CSRF vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request ca...
WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-30534 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit...
TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability
Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...
TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1483 TCL LinkHub Mesh Wi-Fi confsrv ucloudsetnodelocation stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-26009 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL...
TCL LinkHub Mesh Wi-Fi confsrv confctl_set_app_language stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1462 TCL LinkHub Mesh Wi-Fi confsrv confctlsetapplanguage stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23103 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv confctlsetapplanguage functionality of TCL...
InHand Networks InRouter302 router configuration export information disclosure vulnerability
Summary An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions...
InHand Networks InRouter302 iburn firmware checks firmware update vulnerability
Summary A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand Network...
Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1382 Anker Eufy Homebase 2 homesecurity getaeskeyinfobypacketid authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21955 SUMMARY An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity...
LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType use-after-free vulnerability November 17, 2021 CVE Number CVE-2021-21900 SUMMARY A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A...
Lantronix PremierWave 2050 Web Manager FSBrowsePage directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
Microsoft Media Foundation CMP4MetadataHandler AddQTMetadata Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the mfmp4srcsnk.dll of Microsoft Media Foundation. A specially crafted QuickTime file can cause a Use-After-Free, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
Nest Labs Nest Cam IQ Indoor Weave Legacy Pairing Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigge...
Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability...
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “clips” table of its SQLite database, leading to a buffer overflow on...
Computerinsel Photoline PCX Run Length Encoding Code Execution Vulnerability
Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Antenna House Office Server Document Converter GetShapePropery 0x105 code execution vulnerability
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...
Natus Xltek EEG NeuroWorks NewProducerStream Use of Return Value Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to...
CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON t...
libxls xls_preparseWorkSheet MULBLANK Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the xlspreparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this...
Nitro Pro PDF Handling Code Execution Vulnerability
Summary A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this...
Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0148 Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4293 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...
Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerabiity
Talos Vulnerability Report TALOS-2016-0105 Oracle OIT IX SDK GIF ImageWidth Code Execution Vulnerabiity July 19, 2016 CVE Number CVE-2016-3583 Description While parsing a specially crafted GIF file, an integer overflow vulnerability and result in out of bounds heap memory overwrite potentially...
Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0163 Oracle OIT ImageExport libvsbmp BMP BIRLE8 Width Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3596 Description When parsing a specially crafted BMP file, an erroneous memory copy operation can cause a heap buffer overflow leading to...
Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
Talos Vulnerability Report TALOS-2016-0128 Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability June 21, 2016 CVE Number CVE-2016-4323 DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...
Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation
SUMMARY A potentially exploitable read access violation vulnerability exists in the a way Adobe Flash Player handles infinitely recursive calls. A specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trriger this vulnerability user...
Network Time Protocol Ephemeral Association Time Spoofing Vulnerability
SUMMARY ntpd is vulnerable to Sybil attacks. A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win ntpd’s clock selection algorithm and modify a victim’s clock. TESTED VERSIONS NTP 4.2.8p3 NTP 4.2.8p4 NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 NTPs...
Realtek rtl819x Jungle SDK boa formWsc stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1904 Realtek rtl819x Jungle SDK boa formWsc stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49867 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A...
AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1937 AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24947,CVE-2024-24946 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connecti...
llama.cpp GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1912 llama.cpp GGUF library GGUFTYPEARRAY/GGUFTYPESTRING parsing heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21825 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library GGUFTYPEARRAY/GGUFTYPESTRING...
GTKWave FST LEB128 varint stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1783 GTKWave FST LEB128 varint stack-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-35704,CVE-2023-35703,CVE-2023-35702 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of...
GTKWave EVCD var len parsing improper array index validation vulnerability
Talos Vulnerability Report TALOS-2023-1803 GTKWave EVCD var len parsing improper array index validation vulnerability January 8, 2024 CVE Number CVE-2023-34087 SUMMARY An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially...
GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1823 GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-38657 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially craft...
Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1763 Yifan YF325 libutils.so nvramrestore stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34365 SUMMARY A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108...
Open Babel MOL2 format attribute and value out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1664 Open Babel MOL2 format attribute and value out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-43607 SUMMARY An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master...
VMware vCenter Server DCERPC save_sec_fragment out-of-bounds pointer vulnerability
Talos Vulnerability Report TALOS-2023-1740 VMware vCenter Server DCERPC savesecfragment out-of-bounds pointer vulnerability July 13, 2023 CVE Number CVE-2023-20895 SUMMARY A memory corruption vulnerability with a potential for authentication bypass exists in the DCERPC service as used by VMware...
Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability May 26, 2023 CVE Number CVE-2023-1424 SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation...
Weston Embedded uC-FTPs Authentication authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1680 Weston Embedded uC-FTPs Authentication authentication bypass vulnerability May 10, 2023 CVE Number CVE-2022-41985 SUMMARY An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially...
OpenImageIO Project OpenImageIO FitsOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1709 OpenImageIO Project OpenImageIO FitsOutput::close denial of service vulnerability March 30, 2023 CVE Number CVE-2023-24472 SUMMARY A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1...
OpenImageIO TIFF file IPTC data information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1631 OpenImageIO TIFF file IPTC data information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41649 SUMMARY A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A...
OpenImageIO Project OpenImageIO IFFOutput channel interleaving information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1654 OpenImageIO Project OpenImageIO IFFOutput channel interleaving information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-43596 SUMMARY An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of...
WWBN AVideo image403 cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
ESTsoft Alyac PE section headers out of bounds read
Talos Vulnerability Report TALOS-2022-1452 ESTsoft Alyac PE section headers out of bounds read May 10, 2022 CVE Number CVE-2022-21147 SUMMARY An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this...
Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...
Accusoft ImageGear XWD parser heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10 Product URLs...
Eclipse Foundation Paho MQTTClient-C library readPacket out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the readPacket functionality of Eclipse Foundation Embedded Paho MQTTClient-C library v1.0.0. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can send a malicious MQTT message to trigger this vulnerability...
AT&T Labs Xmill XML parsing ParseAttribs memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0.7...