2224 matches found
Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the BKEmeshcalcnormalstessface functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Circle with Disney Rclient SSL TLD MITM Vulnerability
Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
Foscam IP Video Camera CGIProxy.fcgi DNS1 Address Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Sender Parameter Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...
AntennaHouse DMC HTMLFilter GetIndexArray Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of AntennaHouse DMC HTMLFilter as used by MarkLogioc 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious XLS...
Moxa AWK-3131A HTTP GET Denial of Service Vulnerability
Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an ‘/’ will cause a segmentation fault in the web server. An attacker can send any of a multitude of...
HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0176 HDF5 Group libhdf5 H5TARRAY Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4330 Description HDF5 is a fileformat that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization ...
Memcached Server SASL Autentication Remote Code Execution Vulnerability
Summary An integer overflow in processbinsaslauth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3 Score 8.1 -...
Oracle OIT libim_psi2 psiparse Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0161 Oracle OIT libimpsi2 psiparse Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3594 Description A memory corruption vulnerability exists in file parsing code of Oracle Outside In Technology libimpsi2 library. Specifically, a integer overflo...
Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability
Talos Vulnerability Report TALOS-2024-2089 Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability January 8, 2025 CVE Number CVE-2024-12105 SUMMARY A path traversal vulnerability exists in the handling of SnmpExtendedActiveMonitor requests in Progress WhatsUp Gold 24.0.1 Bui...
Foxit Reader ComboBox widget Format event use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript...
OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability
Talos Vulnerability Report TALOS-2024-1957 OFFIS DCMTK DVPSSoftcopyVOIPList::createFromImage incorrect type conversion vulnerability April 23, 2024 CVE Number CVE-2024-28130 SUMMARY An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFF...
GTKWave VZT facgeometry parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1812 GTKWave VZT facgeometry parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38618,CVE-2023-38621,CVE-2023-38620,CVE-2023-38619,CVE-2023-38623,CVE-2023-38622 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT...
GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1823 GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-38657 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially craft...
GTKWave EVCD var len parsing improper array index validation vulnerability
Talos Vulnerability Report TALOS-2023-1803 GTKWave EVCD var len parsing improper array index validation vulnerability January 8, 2024 CVE Number CVE-2023-34087 SUMMARY An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially...
Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1725 Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability November 14, 2023 CVE Number CVE-2023-24585 SUMMARY An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafte...
Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1751 Google Chrome VideoEncoder av1svccheckresetlayerrcflag use-after-free vulnerability September 25, 2023 CVE Number CVE-2023-3421 SUMMARY A use-after-free vulnerability exists in the VideoEncoder av1svccheckresetlayerrcflag functionality of Google Chrome...
VMware vCenter Server DCERPC save_sec_fragment out-of-bounds pointer vulnerability
Talos Vulnerability Report TALOS-2023-1740 VMware vCenter Server DCERPC savesecfragment out-of-bounds pointer vulnerability July 13, 2023 CVE Number CVE-2023-20895 SUMMARY A memory corruption vulnerability with a potential for authentication bypass exists in the DCERPC service as used by VMware...
OpenImageIO Project OpenImageIO TGAInput::read_tga2_header information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1707 OpenImageIO Project OpenImageIO TGAInput::readtga2header information disclosure vulnerability March 30, 2023 CVE Number CVE-2023-24473 SUMMARY An information disclosure vulnerability exists in the TGAInput::readtga2header functionality of OpenImageIO...
Siretta QUARTZ-GOLD httpd delfile.cgi stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1605 Siretta QUARTZ-GOLD httpd delfile.cgi stack-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-36279 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD...
OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43594,CVE-2022-43595 SUMMARY Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...
NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1604 NVIDIA D3D10 Driver Shader Functionality DCLINDEXRANGE instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality DCLINDEXRANGE instruction...
Callback technologies CBFS Filter handle_ioctl_8314C null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1648 Callback technologies CBFS Filter handleioctl8314C null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43589 SUMMARY A null pointer dereference vulnerability exists in the handleioctl8314C functionality of Callback technologies...
Foxit Reader deletePages Field Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1600 Foxit Reader deletePages Field Calculate use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-32774 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely...
WWBN AVideo image403 cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1539 WWBN AVideo image403 cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-30690 SUMMARY A cross-site scripting xss vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...
TCL LinkHub Mesh Wifi confctl_set_master_wlan denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1505 TCL LinkHub Mesh Wifi confctlsetmasterwlan denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27185 SUMMARY A denial of service vulnerability exists in the confctlsetmasterwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A...
InHand Networks InRouter302 console inhand command execution vulnerability
Summary A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHan...
Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...
Eclipse Foundation Paho MQTTClient-C library readPacket out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the readPacket functionality of Eclipse Foundation Embedded Paho MQTTClient-C library v1.0.0. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can send a malicious MQTT message to trigger this vulnerability...
Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...
Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities
Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...
Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...
Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
AT&T Labs Xmill XML parsing ParseAttribs memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0.7...
Win-911 mobile server platform privilege escalation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...
F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg FTOI code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg functionality of NVIDIA Corporation NVIDIA D3D10 driver nvwgf2umxcfg.dll, version 442.50 - 26.21.14.4250. A specially crafted shader could allow an adversary to execute remote code. An attacker can use this vulnerability to...
Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...
Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...
Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
Natus Xltek EEG NeuroWorks OpenProducer Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested...
Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender Sequencer avi_format_convert Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created .avi file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability
Summary An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a...
Foscam IP Video Camera CGIProxy.fcgi Account Deletion Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...
Aerospike Database Server Client Batch Request Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability
Summary An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
Apple GarageBand Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.5. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means. This...
Nvidia Windows Kernel Mode Driver Denial Of Service
Summary An local denial of service vulnerability exists in the communication functionality of Nvidia Windows Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in a machine crash BSOD. An attacker can send a specific message to trigger this vulnerability. Tested...