2224 matches found
F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...
Intel IGC64.DLL Shader Functionality DCL_OUTPUT code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
Intel IGC64.DLL shader functionality realloc code execution vulnerability
Summary An exploitable pointer corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can corrupt a pointer, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger th...
Zoom conference room connector service insufficient session invalidation
Summary Zoom Conference Room Connector services perform insufficient session invalidation upon certain user administration tasks which enable a demoted or deleted user to still access the room administration interface. If a user has administrative access to the connected device and if this access...
Nest Labs Nest Cam IQ Indoor WeaveCASEEngine::DecodeCertificateInfo denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of the Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a deni...
Insteon Hub Reboot Task Denial Of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send an UDP packet to trigger this vulnerability. Tested Versions Insteon Hub...
Simple DirectMedia Layer SDL2_Image load_xcf_tile_rle bpp Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this...
Blender draw_new_particle_system PART_DRAW_AXIS Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...
Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the BKEmeshcalcnormalstessface functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Circle with Disney Rclient SSL TLD MITM Vulnerability
Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Sender Parameter Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...
Foscam IP Video Camera CGIProxy.fcgi DNS1 Address Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
AntennaHouse DMC HTMLFilter GetIndexArray Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of AntennaHouse DMC HTMLFilter as used by MarkLogioc 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious XLS...
Moxa AWK-3131A HTTP GET Denial of Service Vulnerability
Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an ‘/’ will cause a segmentation fault in the web server. An attacker can send any of a multitude of...
HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0176 HDF5 Group libhdf5 H5TARRAY Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4330 Description HDF5 is a fileformat that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization ...
Memcached Server SASL Autentication Remote Code Execution Vulnerability
Summary An integer overflow in processbinsaslauth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3 Score 8.1 -...
Oracle OIT libim_psi2 psiparse Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0161 Oracle OIT libimpsi2 psiparse Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3594 Description A memory corruption vulnerability exists in file parsing code of Oracle Outside In Technology libimpsi2 library. Specifically, a integer overflo...
Network Time Protocol ntpd Reference Clock Impersonation Vulnerability
SUMMARY ntpd relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock 127.127.1.1 for example that reach...
Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability
Talos Vulnerability Report TALOS-2024-2089 Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability January 8, 2025 CVE Number CVE-2024-12105 SUMMARY A path traversal vulnerability exists in the handling of SnmpExtendedActiveMonitor requests in Progress WhatsUp Gold 24.0.1 Bui...
Foxit Reader ComboBox widget Format event use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript...
OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability
Talos Vulnerability Report TALOS-2024-1957 OFFIS DCMTK DVPSSoftcopyVOIPList::createFromImage incorrect type conversion vulnerability April 23, 2024 CVE Number CVE-2024-28130 SUMMARY An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOIPList::createFromImage functionality of OFF...
GTKWave VZT facgeometry parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1812 GTKWave VZT facgeometry parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38618,CVE-2023-38621,CVE-2023-38620,CVE-2023-38619,CVE-2023-38623,CVE-2023-38622 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT...
Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1725 Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability November 14, 2023 CVE Number CVE-2023-24585 SUMMARY An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafte...
Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1751 Google Chrome VideoEncoder av1svccheckresetlayerrcflag use-after-free vulnerability September 25, 2023 CVE Number CVE-2023-3421 SUMMARY A use-after-free vulnerability exists in the VideoEncoder av1svccheckresetlayerrcflag functionality of Google Chrome...
OpenImageIO Project OpenImageIO TGAInput::read_tga2_header information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1707 OpenImageIO Project OpenImageIO TGAInput::readtga2header information disclosure vulnerability March 30, 2023 CVE Number CVE-2023-24473 SUMMARY An information disclosure vulnerability exists in the TGAInput::readtga2header functionality of OpenImageIO...
Siretta QUARTZ-GOLD httpd delfile.cgi stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1605 Siretta QUARTZ-GOLD httpd delfile.cgi stack-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-36279 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD...
OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43594,CVE-2022-43595 SUMMARY Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...
NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1604 NVIDIA D3D10 Driver Shader Functionality DCLINDEXRANGE instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality DCLINDEXRANGE instruction...
Callback technologies CBFS Filter handle_ioctl_8314C null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1648 Callback technologies CBFS Filter handleioctl8314C null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43589 SUMMARY A null pointer dereference vulnerability exists in the handleioctl8314C functionality of Callback technologies...
Foxit Reader deletePages Field Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1600 Foxit Reader deletePages Field Calculate use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-32774 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely...
TCL LinkHub Mesh Wifi confctl_set_master_wlan denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1505 TCL LinkHub Mesh Wifi confctlsetmasterwlan denial of service vulnerability August 1, 2022 CVE Number CVE-2022-27185 SUMMARY A denial of service vulnerability exists in the confctlsetmasterwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A...
TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...
InHand Networks InRouter302 console inhand command execution vulnerability
Summary A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHan...
Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...
Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities
Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...
Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Win-911 mobile server platform privilege escalation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...
Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN...
NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg FTOI code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg functionality of NVIDIA Corporation NVIDIA D3D10 driver nvwgf2umxcfg.dll, version 442.50 - 26.21.14.4250. A specially crafted shader could allow an adversary to execute remote code. An attacker can use this vulnerability to...
Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...
Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability
Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...
Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
Natus Xltek EEG NeuroWorks OpenProducer Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested...
Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender Sequencer avi_format_convert Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created .avi file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability
Summary An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a...