Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2016/06/14 12:0 a.m.38 views

Ruby pack_pack Use After Free Vulnerability

Talos Vulnerability Report TALOS-2016-0033 Ruby packpack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable User After Free vulnerability exists in the packpack function of Ruby. In packpack function each element of array which should be “pack”, based o...

9.8CVSS9.5AI score0.04644EPSS
Exploits3
Talos
Talos
added 2016/05/10 12:0 a.m.38 views

7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability

Summary An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...

8.8CVSS8.2AI score0.09795EPSS
Exploits2
Talos
Talos
added 2016/04/26 12:0 a.m.38 views

Network Time Protocol ntpd Reference Clock Impersonation Vulnerability

SUMMARY ntpd relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock 127.127.1.1 for example that reach...

3.7CVSS1.1AI score0.02233EPSS
Exploits1
Talos
Talos
added 2016/01/28 12:0 a.m.38 views

Matroska libebml EbmlUnicodeString Heap Information Leak

Talos Vulnerability Report TALOS-2016-0036 Matroska libebml EbmlUnicodeString Heap Information Leak January 28, 2016 CVE Number CVE-2015-8790 Description A specially crafted unicode string can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potential...

4.3CVSS4.8AI score0.01848EPSS
Exploits0
Talos
Talos
added 2016/01/08 12:0 a.m.38 views

Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0022 Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7117 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an alis atom in a .mov file...

6.8CVSS6.3AI score0.01691EPSS
Exploits0
Talos
Talos
added 2014/01/26 12:0 a.m.38 views

Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1002 Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6489 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple...

5CVSS7.2AI score0.0581EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.37 views

Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1903 Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-50330 SUMMARY A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A...

7.2CVSS7.6AI score0.01101EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.37 views

Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1891 Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-45215 SUMMARY A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle...

7.2CVSS7.6AI score0.01041EPSS
Exploits0
Talos
Talos
added 2024/01/10 12:0 a.m.37 views

WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...

8.5CVSS6.8AI score0.00581EPSS
Exploits0
Talos
Talos
added 2023/11/27 12:0 a.m.37 views

Foxit Reader Javascript exportDataObject HTA file creation vulnerability

Talos Vulnerability Report TALOS-2023-1834 Foxit Reader Javascript exportDataObject HTA file creation vulnerability November 27, 2023 CVE Number CVE-2023-35985 SUMMARY An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a...

8.8CVSS8.8AI score0.02673EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.37 views

Milesight UR32L ys_thirdparty system_user_script OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1713 Milesight UR32L ysthirdparty systemuserscript OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-24595 SUMMARY An OS command injection vulnerability exists in the ysthirdparty systemuserscript functionality of Milesight UR32L v32.3.0.5. ...

7.2CVSS7.5AI score0.0371EPSS
Exploits1
Talos
Talos
added 2023/07/05 12:0 a.m.37 views

Diagon Sequence::DrawText heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1744 Diagon Sequence::DrawText heap-based buffer overflow vulnerability July 5, 2023 CVE Number CVE-2023-27390 SUMMARY A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown...

7.8CVSS7.8AI score0.00522EPSS
Exploits1
Talos
Talos
added 2023/05/26 12:0 a.m.37 views

Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability May 26, 2023 CVE Number CVE-2023-1424 SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation...

10CVSS9.2AI score0.0344EPSS
Exploits0
Talos
Talos
added 2023/03/30 12:0 a.m.37 views

OpenImageIO Project OpenImageIO TGAInput::read_tga2_header information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1707 OpenImageIO Project OpenImageIO TGAInput::readtga2header information disclosure vulnerability March 30, 2023 CVE Number CVE-2023-24473 SUMMARY An information disclosure vulnerability exists in the TGAInput::readtga2header functionality of OpenImageIO...

7.5CVSS6.2AI score0.00859EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.37 views

OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1630 OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-38143 SUMMARY A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted...

9.8CVSS9.6AI score0.01423EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.37 views

OpenImageIO TIFF IPTC decoding information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1643 OpenImageIO TIFF IPTC decoding information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41988 SUMMARY An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO...

7.5CVSS7AI score0.01169EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.37 views

OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43594,CVE-2022-43595 SUMMARY Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...

5.9CVSS6.1AI score0.01266EPSS
Exploits2
Talos
Talos
added 2022/11/10 12:0 a.m.37 views

Foxit Reader Optional Content Group use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1614 Foxit Reader Optional Content Group use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-40129 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted...

8.8CVSS8.1AI score0.0098EPSS
Exploits1
Talos
Talos
added 2022/10/27 12:0 a.m.37 views

InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability

Talos Vulnerability Report TALOS-2022-1523 InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability October 27, 2022 CVE Number CVE-2022-25932 SUMMARY The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are...

9.8CVSS8.7AI score0.00642EPSS
Exploits0
Talos
Talos
added 2022/10/20 12:0 a.m.37 views

Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1553 Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability October 20, 2022 CVE Number CVE-2022-29475 SUMMARY An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota...

8.1CVSS5.9AI score0.00562EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.37 views

Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1563 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-32586 SUMMARY An OS command injection vulnerability exists in the web interface...

8.8CVSS8.7AI score0.03787EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.37 views

TCL LinkHub Mesh Wifi confctl_get_master_wlan information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1504 TCL LinkHub Mesh Wifi confctlgetmasterwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27630 SUMMARY An information disclosure vulnerability exists in the confctlgetmasterwlan functionality of TCL LinkHub Mesh Wi-Fi...

7.5CVSS6.7AI score0.0077EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.37 views

TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv setportfwdrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23399 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setportfwdrule functionality of TCL LinkHub Mesh Wif...

9.8CVSS9.5AI score0.01088EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.37 views

TCL LinkHub Mesh Wifi confers ucloud_add_node_new stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1456 TCL LinkHub Mesh Wifi confers ucloudaddnodenew stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-21201 SUMMARY A stack-based buffer overflow vulnerability exists in the confers ucloudaddnodenew functionality of TCL LinkHub Mesh...

8.8CVSS9.1AI score0.00843EPSS
Exploits1
Talos
Talos
added 2022/07/14 12:0 a.m.37 views

Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability

Summary A use-after-free vulnerability exists in the WebGPU functionality of Google Chrome 102.0.4956.0 Build 64-bit and 99.0.4844.82 Build 64-bit. A specially-crafted web page can lead to a use-after-free. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions Googl...

8.8CVSS8.8AI score0.00617EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.37 views

InHand Networks InRouter302 httpd upload.cgi file write vulnerability

Summary A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Tested Versions InHand Networks...

9.9CVSS8.3AI score0.01741EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.37 views

Lansweeper lansweeper EchoAssets.aspx SQL injection vulnerability

Summary An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper lansweeper...

9.1CVSS8.7AI score0.72601EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.37 views

Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...

9.3CVSS7.6AI score0.01357EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.37 views

Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

4.9CVSS6.7AI score0.01423EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.37 views

Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability

Summary An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...

9.3CVSS8.1AI score0.01723EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.37 views

Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...

9.1CVSS9.6AI score0.02989EPSS
Exploits1
Talos
Talos
added 2021/09/07 12:0 a.m.37 views

Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1346 Ribbonsoft dxflib DLDxf::handleLWPolylineData heap-based buffer overflow vulnerability September 7, 2021 CVE Number CVE-2021-21897 SUMMARY A code execution vulnerability exists in the DLDxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0....

8.8CVSS8.8AI score0.02885EPSS
Exploits1
Talos
Talos
added 2021/01/04 12:0 a.m.37 views

Win-911 mobile server platform privilege escalation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...

9.3CVSS9.2AI score0.00608EPSS
Exploits1
Talos
Talos
added 2020/10/13 12:0 a.m.37 views

Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN...

7.5CVSS7.5AI score0.04584EPSS
Exploits0
Talos
Talos
added 2020/02/24 12:0 a.m.37 views

Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker ca...

9.9CVSS9AI score0.04557EPSS
Exploits1
Talos
Talos
added 2019/12/10 12:0 a.m.37 views

LEADTOOLS libltdic.so DICOM receive code execution vulnerability

Summary An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerabilit...

9.8CVSS9.6AI score0.03366EPSS
Exploits0
Talos
Talos
added 2019/03/09 12:0 a.m.37 views

WAGO e!Cockpit authentication hard-coded encryption key vulnerability

Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...

5.5CVSS5.8AI score0.00335EPSS
Exploits1
Talos
Talos
added 2018/07/26 12:0 a.m.37 views

Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...

6.8CVSS6AI score0.01138EPSS
Exploits2
Talos
Talos
added 2018/07/26 12:0 a.m.37 views

Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “create” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the “state” field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

9.9CVSS9.3AI score0.01489EPSS
Exploits2
Talos
Talos
added 2018/04/12 12:0 a.m.37 views

NASA CFITSIO Multiple Stack Overflow Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...

8.8CVSS8.9AI score0.03074EPSS
Exploits1
Talos
Talos
added 2018/04/04 12:0 a.m.37 views

Natus Xltek EEG NeuroWorks NewProducerStream Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability...

10CVSS9.8AI score0.02631EPSS
Exploits0
Talos
Talos
added 2018/03/01 12:0 a.m.37 views

Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.8AI score0.02395EPSS
Exploits0
Talos
Talos
added 2017/11/15 12:0 a.m.37 views

libxls xls_appendSST Code Execution Vulnerability

Summary An exploitable integer overflow vulnerability exists in the xlsappendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...

8.8CVSS8AI score0.02097EPSS
Exploits1
Talos
Talos
added 2017/10/31 12:0 a.m.37 views

Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak

Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of=bounds memory read potentially resulting in information disclosure and denial of service. An...

8.2CVSS8AI score0.01311EPSS
Exploits1
Talos
Talos
added 2017/07/20 12:0 a.m.37 views

Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability

Summary An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a...

8.8CVSS8.4AI score0.02214EPSS
Exploits1
Talos
Talos
added 2017/06/19 12:0 a.m.37 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...

8.8CVSS9AI score0.06052EPSS
Exploits1
Talos
Talos
added 2017/05/04 12:0 a.m.37 views

AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability

Summary An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to...

9.6CVSS9.4AI score0.01457EPSS
Exploits1
Talos
Talos
added 2017/04/10 12:0 a.m.37 views

Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability

Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...

8.8CVSS9AI score0.00536EPSS
Exploits2
Talos
Talos
added 2016/10/26 12:0 a.m.37 views

Iceni Argus ipNameAdd Code Execution Vulnerability

Summary An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability...

8.8CVSS8.4AI score0.02062EPSS
Exploits2
Talos
Talos
added 2016/08/26 12:0 a.m.37 views

Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities

Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...

5.5CVSS5.5AI score0.0067EPSS
Exploits2
Total number of security vulnerabilities2224