2224 matches found
Ruby pack_pack Use After Free Vulnerability
Talos Vulnerability Report TALOS-2016-0033 Ruby packpack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable User After Free vulnerability exists in the packpack function of Ruby. In packpack function each element of array which should be “pack”, based o...
7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability
Summary An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...
Network Time Protocol ntpd Reference Clock Impersonation Vulnerability
SUMMARY ntpd relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock 127.127.1.1 for example that reach...
Matroska libebml EbmlUnicodeString Heap Information Leak
Talos Vulnerability Report TALOS-2016-0036 Matroska libebml EbmlUnicodeString Heap Information Leak January 28, 2016 CVE Number CVE-2015-8790 Description A specially crafted unicode string can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potential...
Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0022 Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7117 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an alis atom in a .mov file...
Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability
Talos Vulnerability Report VRT-2013-1002 Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6489 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple...
Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1903 Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-50330 SUMMARY A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A...
Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1891 Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-45215 SUMMARY A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle...
WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...
Foxit Reader Javascript exportDataObject HTA file creation vulnerability
Talos Vulnerability Report TALOS-2023-1834 Foxit Reader Javascript exportDataObject HTA file creation vulnerability November 27, 2023 CVE Number CVE-2023-35985 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a...
Milesight UR32L ys_thirdparty system_user_script OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1713 Milesight UR32L ysthirdparty systemuserscript OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-24595 SUMMARY An OS command injection vulnerability exists in the ysthirdparty systemuserscript functionality of Milesight UR32L v32.3.0.5. ...
Diagon Sequence::DrawText heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1744 Diagon Sequence::DrawText heap-based buffer overflow vulnerability July 5, 2023 CVE Number CVE-2023-27390 SUMMARY A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown...
Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability May 26, 2023 CVE Number CVE-2023-1424 SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation...
OpenImageIO Project OpenImageIO TGAInput::read_tga2_header information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1707 OpenImageIO Project OpenImageIO TGAInput::readtga2header information disclosure vulnerability March 30, 2023 CVE Number CVE-2023-24473 SUMMARY An information disclosure vulnerability exists in the TGAInput::readtga2header functionality of OpenImageIO...
OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1630 OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-38143 SUMMARY A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted...
OpenImageIO TIFF IPTC decoding information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1643 OpenImageIO TIFF IPTC decoding information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41988 SUMMARY An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO...
OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43594,CVE-2022-43595 SUMMARY Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...
Foxit Reader Optional Content Group use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1614 Foxit Reader Optional Content Group use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-40129 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted...
InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1523 InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability October 27, 2022 CVE Number CVE-2022-25932 SUMMARY The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are...
Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1553 Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability October 20, 2022 CVE Number CVE-2022-29475 SUMMARY An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1563 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-32586 SUMMARY An OS command injection vulnerability exists in the web interface...
TCL LinkHub Mesh Wifi confctl_get_master_wlan information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1504 TCL LinkHub Mesh Wifi confctlgetmasterwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27630 SUMMARY An information disclosure vulnerability exists in the confctlgetmasterwlan functionality of TCL LinkHub Mesh Wi-Fi...
TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...
TCL LinkHub Mesh Wifi confers ucloud_add_node_new stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1456 TCL LinkHub Mesh Wifi confers ucloudaddnodenew stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-21201 SUMMARY A stack-based buffer overflow vulnerability exists in the confers ucloudaddnodenew functionality of TCL LinkHub Mesh...
Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability
Summary A use-after-free vulnerability exists in the WebGPU functionality of Google Chrome 102.0.4956.0 Build 64-bit and 99.0.4844.82 Build 64-bit. A specially-crafted web page can lead to a use-after-free. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions Googl...
InHand Networks InRouter302 httpd upload.cgi file write vulnerability
Summary A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Tested Versions InHand Networks...
Lansweeper lansweeper EchoAssets.aspx SQL injection vulnerability
Summary An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper lansweeper...
Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...
Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...
Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1346 Ribbonsoft dxflib DLDxf::handleLWPolylineData heap-based buffer overflow vulnerability September 7, 2021 CVE Number CVE-2021-21897 SUMMARY A code execution vulnerability exists in the DLDxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0....
Win-911 mobile server platform privilege escalation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...
Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN...
Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker ca...
LEADTOOLS libltdic.so DICOM receive code execution vulnerability
Summary An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerabilit...
WAGO e!Cockpit authentication hard-coded encryption key vulnerability
Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...
Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...
Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the camera “create” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the “state” field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
NASA CFITSIO Multiple Stack Overflow Code Execution Vulnerabilities
Summary Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...
Natus Xltek EEG NeuroWorks NewProducerStream Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability...
Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
libxls xls_appendSST Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the xlsappendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of=bounds memory read potentially resulting in information disclosure and denial of service. An...
Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability
Summary An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...
AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to...
Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability
Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...
Iceni Argus ipNameAdd Code Execution Vulnerability
Summary An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability...
Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities
Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...