Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2017/11/15 12:0 a.m.37 views

libxls xls_appendSST Code Execution Vulnerability

Summary An exploitable integer overflow vulnerability exists in the xlsappendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...

8.8CVSS8AI score0.02097EPSS
Exploits1
Talos
Talos
added 2017/10/31 12:0 a.m.37 views

Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak

Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of=bounds memory read potentially resulting in information disclosure and denial of service. An...

8.2CVSS8AI score0.01311EPSS
Exploits1
Talos
Talos
added 2017/07/20 12:0 a.m.37 views

Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability

Summary An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a...

8.8CVSS8.4AI score0.02214EPSS
Exploits1
Talos
Talos
added 2017/06/19 12:0 a.m.37 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...

8.8CVSS9AI score0.06052EPSS
Exploits1
Talos
Talos
added 2017/05/04 12:0 a.m.37 views

AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability

Summary An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to...

9.6CVSS9.4AI score0.01457EPSS
Exploits1
Talos
Talos
added 2017/04/10 12:0 a.m.37 views

Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability

Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...

8.8CVSS9AI score0.00536EPSS
Exploits2
Talos
Talos
added 2016/10/26 12:0 a.m.37 views

Iceni Argus ipNameAdd Code Execution Vulnerability

Summary An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability...

8.8CVSS8.4AI score0.02062EPSS
Exploits2
Talos
Talos
added 2016/08/26 12:0 a.m.37 views

Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities

Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...

5.5CVSS5.5AI score0.0067EPSS
Exploits2
Talos
Talos
added 2016/08/26 12:0 a.m.37 views

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...

5.5CVSS5.3AI score0.0049EPSS
Exploits2
Talos
Talos
added 2016/08/06 12:0 a.m.37 views

LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability

Talos Vulnerability Report TALOS-2016-0173 LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability August 6, 2016 CVE Number CVE-2016-4336 Description An exploitable out of bounds write exists in the Bzip2 parsing of the Perspective Document Filters conversion...

9.8CVSS0.03833EPSS
Exploits2
Talos
Talos
added 2016/06/21 12:0 a.m.37 views

Pidgin MXIT Table Command Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0134 Pidgin MXIT Table Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2366 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...

5.9CVSS0.7AI score0.02483EPSS
Exploits1
Talos
Talos
added 2016/01/08 12:0 a.m.37 views

Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...

6.8CVSS6.5AI score0.01648EPSS
Exploits0
Talos
Talos
added 2025/01/14 12:0 a.m.36 views

Wavlink AC3000 internet.cgi set_add_routing() command injection vulnerabilities

Talos Vulnerability Report TALOS-2024-2020 Wavlink AC3000 internet.cgi setaddrouting command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39764,CVE-2024-39765,CVE-2024-39763,CVE-2024-39762 SUMMARY Multiple OS command injection vulnerabilities exist in the internet.cgi...

9.1CVSS9.9AI score0.05876EPSS
Exploits4
Talos
Talos
added 2024/09/25 12:0 a.m.36 views

Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference

Talos Vulnerability Report TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference September 25, 2024 CVE Number CVE-2024-38140 SUMMARY A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...

9.8CVSS9.1AI score0.0381EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.36 views

Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1878 Realtek rtl819x Jungle SDK boa rollbackcontrolcode stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49595 SUMMARY A stack-based buffer overflow vulnerability exists in the boa rollbackcontrolcode functionality of Realtek rtl819x...

7.2CVSS7.6AI score0.00893EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.36 views

Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1892 Realtek rtl819x Jungle SDK boa setRadvdPrefixParam stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-47856 SUMMARY A stack-based buffer overflow vulnerability exists in the boa setRadvdPrefixParam functionality of Realtek rtl819x...

7.2CVSS7.8AI score0.01413EPSS
Exploits1
Talos
Talos
added 2024/05/28 12:0 a.m.36 views

AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability

Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...

7.5CVSS7.5AI score0.0096EPSS
Exploits1
Talos
Talos
added 2024/04/25 12:0 a.m.36 views

Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22391 SUMMARY A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23....

9.8CVSS7.9AI score0.01394EPSS
Exploits1
Talos
Talos
added 2024/03/07 12:0 a.m.36 views

Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1887 Netgear RAX30 JSON Parsing getblockschedule stack-based buffer overflow vulnerability March 7, 2024 CVE Number CVE-2023-48725 SUMMARY A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule functionality of Netgear RAX30...

8.8CVSS7.2AI score0.19507EPSS
Exploits1
Talos
Talos
added 2024/02/20 12:0 a.m.36 views

The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability

Talos Vulnerability Report TALOS-2024-1919 The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability February 20, 2024 CVE Number CVE-2024-23809 SUMMARY A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project...

9.8CVSS9.3AI score0.01679EPSS
Exploits1
Talos
Talos
added 2024/02/15 12:0 a.m.36 views

Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1890 Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20729 SUMMARY A use-after-free vulnerability exists in the Annot3D functionality of Adobe Acrobat Reader 2023.006.20380. A specially crafted...

7.8CVSS8.2AI score0.03389EPSS
Exploits0
Talos
Talos
added 2024/01/08 12:0 a.m.36 views

GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1819 GTKWave LXT2 numtimetableentries out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-34436 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2...

7.8CVSS7.8AI score0.00432EPSS
Exploits1
Talos
Talos
added 2024/01/08 12:0 a.m.36 views

GTKWave FST FST_BL_GEOM parsing maxhandle integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1777 GTKWave FST FSTBLGEOM parsing maxhandle integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-32650 SUMMARY An integer overflow vulnerability exists in the FSTBLGEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-b...

7.8CVSS7.7AI score0.0038EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.36 views

SoftEther VPN vpnserver OvsProcessData denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22308 SUMMARY An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A...

7.5CVSS7.5AI score0.00728EPSS
Exploits1
Talos
Talos
added 2023/10/11 12:0 a.m.36 views

peplink Surf SOHO HW1 admin.cgi USSD_send OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1780 peplink Surf SOHO HW1 admin.cgi USSDsend OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-27380 SUMMARY An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A...

8.8CVSS8.3AI score0.05749EPSS
Exploits1
Talos
Talos
added 2023/08/10 12:0 a.m.36 views

NVIDIA D3D10 Driver Shader Functionality dcl_input index memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1720 NVIDIA D3D10 Driver Shader Functionality dclinput index memory corruption vulnerability August 10, 2023 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality of NVIDIA D3D10 Driver NVIDIA D3D10 Driver,...

8.8CVSS8.7AI score0.01387EPSS
Exploits0
Talos
Talos
added 2023/07/21 12:0 a.m.36 views

Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2022-1665 Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46289,CVE-2022-46290 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master...

9.8CVSS9.1AI score0.00816EPSS
Exploits2
Talos
Talos
added 2023/07/13 12:0 a.m.36 views

Apple DCERPC packet stats buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability July 13, 2023 CVE Number CVE-2023-23513 SUMMARY A buffer overflow vulnerability exists in the stats logging functionality of DCERPC library as used in Apple macOS 12.6.1 A specially-crafted network...

9.8CVSS9.4AI score0.01567EPSS
Exploits0
Talos
Talos
added 2023/07/13 12:0 a.m.36 views

Apple DCERPC fixed array use after free vulnerability

Talos Vulnerability Report TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability July 13, 2023 CVE Number CVE-2023-27958 SUMMARY There exists a vulnerability in the fixed size array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can result in arbitrary code...

9.1CVSS9.3AI score0.01617EPSS
Exploits0
Talos
Talos
added 2023/07/06 12:0 a.m.36 views

Milesight MilesightVPN liburvpn.so create_private_key OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1703 Milesight MilesightVPN liburvpn.so createprivatekey OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22371 SUMMARY An os command injection vulnerability exists in the liburvpn.so createprivatekey functionality of Milesight VPN v2.0.2. ...

8.1CVSS8.6AI score0.03444EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.36 views

Milesight UR32L libzebra.so bridge_group OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1698 Milesight UR32L libzebra.so bridgegroup OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22306 SUMMARY An OS command injection vulnerability exists in the libzebra.so bridgegroup functionality of Milesight UR32L v32.3.0.5. A specially...

7.2CVSS7.3AI score0.03577EPSS
Exploits1
Talos
Talos
added 2023/07/05 12:0 a.m.36 views

Diagon GraphPlanar::Write improper array index validation vulnerability

Talos Vulnerability Report TALOS-2023-1745 Diagon GraphPlanar::Write improper array index validation vulnerability July 5, 2023 CVE Number CVE-2023-31194 SUMMARY An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted...

7.8CVSS6.3AI score0.00445EPSS
Exploits1
Talos
Talos
added 2023/03/30 12:0 a.m.36 views

ManageEngine OpManager Add UCS Device blind XXE vulnerability

Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...

5.8CVSS5.5AI score0.19807EPSS
Exploits1
Talos
Talos
added 2023/01/18 12:0 a.m.36 views

Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1646 Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability January 18, 2023 CVE Number CVE-2022-40267 SUMMARY An authentication bypass vulnerability exists in the webserver session identifie...

9.1CVSS7.5AI score0.01182EPSS
Exploits0
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO PSD format image file directory denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1632 OpenImageIO PSD format image file directory denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41684 SUMMARY A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory...

7.5CVSS7.5AI score0.00765EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO DDS scanline parsing code execution vulnerability

Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...

9.8CVSS9.5AI score0.01813EPSS
Exploits1
Talos
Talos
added 2022/11/10 12:0 a.m.36 views

Foxit Reader openPlayer use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1602 Foxit Reader openPlayer use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-37332 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document...

8.8CVSS8.1AI score0.0135EPSS
Exploits1
Talos
Talos
added 2022/10/27 12:0 a.m.36 views

Accusoft ImageGear PICT parsing pctwread_14841 out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1544 Accusoft ImageGear PICT parsing pctwread14841 out-of-bounds write vulnerability October 27, 2022 CVE Number CVE-2022-32588 SUMMARY An out-of-bounds write vulnerability exists in the PICT parsing pctwread14841 functionality of Accusoft ImageGear 20.0. A...

9.8CVSS8.1AI score0.00601EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.36 views

Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1562 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-30603 SUMMARY An OS command injection vulnerability exists in the web interface /action/iperf functionali...

10CVSS9.5AI score0.05332EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.36 views

Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability

Talos Vulnerability Report TALOS-2022-1584 Abode Systems, Inc. iota All-In-One Security Kit ghomeprocesscontrolpacket format string injection vulnerability October 20, 2022 CVE Number CVE-2022-33938 SUMMARY A format string injection vulnerability exists in the ghomeprocesscontrolpacket...

9.8CVSS9.2AI score0.00898EPSS
Exploits1
Talos
Talos
added 2022/08/16 12:0 a.m.36 views

Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability

Talos Vulnerability Report TALOS-2022-1515 Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40733 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version...

6.5CVSS5.2AI score0.00816EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.36 views

TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1455 TCL LinkHub Mesh Wifi confsrv setmfrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23919,CVE-2022-23918 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mes...

9.8CVSS9.5AI score0.01096EPSS
Exploits2
Talos
Talos
added 2022/08/01 12:0 a.m.36 views

TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1482 TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-25996 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi...

9.8CVSS9.5AI score0.0104EPSS
Exploits1
Talos
Talos
added 2022/07/18 12:0 a.m.36 views

Accusoft ImageGear PSD Header processing memory allocation out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

9.8CVSS9.1AI score0.01758EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.36 views

Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.05271EPSS
Exploits1
Talos
Talos
added 2021/10/13 12:0 a.m.36 views

Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...

8.8CVSS8.1AI score0.15777EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.36 views

Apple macOS SMB server lock request infinite loop

Summary A resource exhaustion vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an infinite loop which leads to maximum CPU utilization and denial of service. This vulnerability can be triggered by sending a malicious packet to the vulnerable...

5.9CVSS7.2AI score0.01623EPSS
Exploits0
Talos
Talos
added 2020/10/14 12:0 a.m.36 views

F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...

5.5CVSS5.2AI score0.01496EPSS
Exploits1
Talos
Talos
added 2020/07/14 12:0 a.m.36 views

Intel IGC64.DLL shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...

9CVSS9.2AI score0.06903EPSS
Exploits0
Talos
Talos
added 2020/07/01 12:0 a.m.36 views

Leadtools Image Parser Animated Icon Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...

8.8CVSS8.5AI score0.02669EPSS
Exploits1
Total number of security vulnerabilities2224