Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2016/08/26 12:0 a.m.37 views

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service

Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...

5.5CVSS5.3AI score0.0049EPSS
Exploits2
Talos
Talos
added 2016/08/06 12:0 a.m.37 views

LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability

Talos Vulnerability Report TALOS-2016-0173 LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability August 6, 2016 CVE Number CVE-2016-4336 Description An exploitable out of bounds write exists in the Bzip2 parsing of the Perspective Document Filters conversion...

9.8CVSS0.03833EPSS
Exploits2
Talos
Talos
added 2016/06/21 12:0 a.m.37 views

Pidgin MXIT Table Command Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0134 Pidgin MXIT Table Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2366 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...

5.9CVSS0.7AI score0.02483EPSS
Exploits1
Talos
Talos
added 2016/01/08 12:0 a.m.37 views

Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...

6.8CVSS6.5AI score0.01648EPSS
Exploits0
Talos
Talos
added 2025/01/14 12:0 a.m.36 views

Wavlink AC3000 internet.cgi set_add_routing() command injection vulnerabilities

Talos Vulnerability Report TALOS-2024-2020 Wavlink AC3000 internet.cgi setaddrouting command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39764,CVE-2024-39765,CVE-2024-39763,CVE-2024-39762 SUMMARY Multiple OS command injection vulnerabilities exist in the internet.cgi...

9.1CVSS9.9AI score0.05876EPSS
Exploits4
Talos
Talos
added 2024/09/25 12:0 a.m.36 views

Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference

Talos Vulnerability Report TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference September 25, 2024 CVE Number CVE-2024-38140 SUMMARY A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...

9.8CVSS9.1AI score0.0381EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.36 views

Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1878 Realtek rtl819x Jungle SDK boa rollbackcontrolcode stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49595 SUMMARY A stack-based buffer overflow vulnerability exists in the boa rollbackcontrolcode functionality of Realtek rtl819x...

7.2CVSS7.6AI score0.00893EPSS
Exploits0
Talos
Talos
added 2024/07/08 12:0 a.m.36 views

Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1892 Realtek rtl819x Jungle SDK boa setRadvdPrefixParam stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-47856 SUMMARY A stack-based buffer overflow vulnerability exists in the boa setRadvdPrefixParam functionality of Realtek rtl819x...

7.2CVSS7.8AI score0.01413EPSS
Exploits1
Talos
Talos
added 2024/05/28 12:0 a.m.36 views

AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability

Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...

7.5CVSS7.5AI score0.0096EPSS
Exploits1
Talos
Talos
added 2024/04/25 12:0 a.m.36 views

Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22391 SUMMARY A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23....

9.8CVSS7.9AI score0.01394EPSS
Exploits1
Talos
Talos
added 2024/03/07 12:0 a.m.36 views

Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1887 Netgear RAX30 JSON Parsing getblockschedule stack-based buffer overflow vulnerability March 7, 2024 CVE Number CVE-2023-48725 SUMMARY A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule functionality of Netgear RAX30...

8.8CVSS7.2AI score0.19507EPSS
Exploits1
Talos
Talos
added 2024/02/15 12:0 a.m.36 views

Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1890 Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20729 SUMMARY A use-after-free vulnerability exists in the Annot3D functionality of Adobe Acrobat Reader 2023.006.20380. A specially crafted...

7.8CVSS8.2AI score0.03389EPSS
Exploits0
Talos
Talos
added 2024/01/08 12:0 a.m.36 views

GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1819 GTKWave LXT2 numtimetableentries out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-34436 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2...

7.8CVSS7.8AI score0.00432EPSS
Exploits1
Talos
Talos
added 2024/01/08 12:0 a.m.36 views

GTKWave FST FST_BL_GEOM parsing maxhandle integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1777 GTKWave FST FSTBLGEOM parsing maxhandle integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-32650 SUMMARY An integer overflow vulnerability exists in the FSTBLGEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-b...

7.8CVSS7.7AI score0.0038EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.36 views

SoftEther VPN vpnserver OvsProcessData denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22308 SUMMARY An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A...

7.5CVSS7.5AI score0.00728EPSS
Exploits1
Talos
Talos
added 2023/10/11 12:0 a.m.36 views

peplink Surf SOHO HW1 admin.cgi USSD_send OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1780 peplink Surf SOHO HW1 admin.cgi USSDsend OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-27380 SUMMARY An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A...

8.8CVSS8.3AI score0.05749EPSS
Exploits1
Talos
Talos
added 2023/10/06 12:0 a.m.36 views

Webkit MediaRecorder API stopRecording use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1831 Webkit MediaRecorder API stopRecording use-after-free vulnerability October 6, 2023 CVE Number CVE-2023-39928 SUMMARY A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this...

8.8CVSS9.2AI score0.01408EPSS
Exploits0
Talos
Talos
added 2023/07/21 12:0 a.m.36 views

Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2022-1665 Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46289,CVE-2022-46290 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master...

9.8CVSS9.1AI score0.00816EPSS
Exploits2
Talos
Talos
added 2023/07/13 12:0 a.m.36 views

Apple DCERPC fixed array use after free vulnerability

Talos Vulnerability Report TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability July 13, 2023 CVE Number CVE-2023-27958 SUMMARY There exists a vulnerability in the fixed size array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can result in arbitrary code...

9.1CVSS9.3AI score0.01617EPSS
Exploits0
Talos
Talos
added 2023/07/13 12:0 a.m.36 views

Apple DCERPC packet stats buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability July 13, 2023 CVE Number CVE-2023-23513 SUMMARY A buffer overflow vulnerability exists in the stats logging functionality of DCERPC library as used in Apple macOS 12.6.1 A specially-crafted network...

9.8CVSS9.4AI score0.01567EPSS
Exploits0
Talos
Talos
added 2023/07/05 12:0 a.m.36 views

Diagon GraphPlanar::Write improper array index validation vulnerability

Talos Vulnerability Report TALOS-2023-1745 Diagon GraphPlanar::Write improper array index validation vulnerability July 5, 2023 CVE Number CVE-2023-31194 SUMMARY An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted...

7.8CVSS6.3AI score0.00445EPSS
Exploits1
Talos
Talos
added 2023/03/30 12:0 a.m.36 views

ManageEngine OpManager Add UCS Device blind XXE vulnerability

Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...

5.8CVSS5.5AI score0.19807EPSS
Exploits1
Talos
Talos
added 2023/01/18 12:0 a.m.36 views

Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1646 Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability January 18, 2023 CVE Number CVE-2022-40267 SUMMARY An authentication bypass vulnerability exists in the webserver session identifie...

9.1CVSS7.5AI score0.01182EPSS
Exploits0
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO PSD format image file directory denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1632 OpenImageIO PSD format image file directory denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41684 SUMMARY A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory...

7.5CVSS7.5AI score0.00765EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO DDS scanline parsing code execution vulnerability

Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...

9.8CVSS9.5AI score0.01813EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.36 views

OpenImageIO Exif out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1636 OpenImageIO Exif out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-41837 SUMMARY An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2...

9.8CVSS9.4AI score0.01581EPSS
Exploits1
Talos
Talos
added 2022/11/10 12:0 a.m.36 views

Foxit Reader openPlayer use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1602 Foxit Reader openPlayer use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-37332 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document...

8.8CVSS8.1AI score0.0135EPSS
Exploits1
Talos
Talos
added 2022/10/27 12:0 a.m.36 views

Accusoft ImageGear PICT parsing pctwread_14841 out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1544 Accusoft ImageGear PICT parsing pctwread14841 out-of-bounds write vulnerability October 27, 2022 CVE Number CVE-2022-32588 SUMMARY An out-of-bounds write vulnerability exists in the PICT parsing pctwread14841 functionality of Accusoft ImageGear 20.0. A...

9.8CVSS8.1AI score0.00601EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.36 views

Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability

Talos Vulnerability Report TALOS-2022-1584 Abode Systems, Inc. iota All-In-One Security Kit ghomeprocesscontrolpacket format string injection vulnerability October 20, 2022 CVE Number CVE-2022-33938 SUMMARY A format string injection vulnerability exists in the ghomeprocesscontrolpacket...

9.8CVSS9.2AI score0.00898EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.36 views

Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1562 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-30603 SUMMARY An OS command injection vulnerability exists in the web interface /action/iperf functionali...

10CVSS9.5AI score0.05332EPSS
Exploits1
Talos
Talos
added 2022/08/16 12:0 a.m.36 views

Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability

Talos Vulnerability Report TALOS-2022-1515 Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40733 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version...

6.5CVSS5.2AI score0.00816EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.36 views

TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1455 TCL LinkHub Mesh Wifi confsrv setmfrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23919,CVE-2022-23918 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mes...

9.8CVSS9.5AI score0.01096EPSS
Exploits2
Talos
Talos
added 2022/08/01 12:0 a.m.36 views

TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1482 TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-25996 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi...

9.8CVSS9.5AI score0.0104EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.36 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLINDEXRANGE functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

8.5CVSS8.5AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/01/11 12:0 a.m.36 views

Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability

Summary An integer overflow vulnerability exists in the way Adobe Acrobat Reader DC 2021.007.20099 supports annotation interactions through JavaScript. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...

9.3CVSS7.9AI score0.09979EPSS
Exploits0
Talos
Talos
added 2021/11/17 12:0 a.m.36 views

LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18 out-of-bounds write vulnerability November 17, 2021 CVE Number CVE-2021-21898 SUMMARY A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw...

8.8CVSS8.7AI score0.02515EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.36 views

Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.05271EPSS
Exploits1
Talos
Talos
added 2021/10/13 12:0 a.m.36 views

Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...

8.8CVSS8.1AI score0.15777EPSS
Exploits1
Talos
Talos
added 2020/12/18 12:0 a.m.36 views

Microsoft Azure Sphere networkd mdns denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the networkd mDNS functionality of Microsoft Azure Sphere 20.07. A specific bind call can cause a denial of service, requiring manual recovery. An attacker can bind to port 5353 to trigger this vulnerability. Tested Versions Microsoft Azure Sphe...

7.5AI score
Exploits0
Talos
Talos
added 2020/10/14 12:0 a.m.36 views

F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...

5.5CVSS5.2AI score0.01496EPSS
Exploits1
Talos
Talos
added 2020/07/14 12:0 a.m.36 views

Intel IGC64.DLL shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...

9CVSS9.2AI score0.06903EPSS
Exploits0
Talos
Talos
added 2020/07/01 12:0 a.m.36 views

Leadtools Image Parser Animated Icon Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...

8.8CVSS8.5AI score0.02669EPSS
Exploits1
Talos
Talos
added 2020/06/02 12:0 a.m.36 views

Webkit fireEventListeners use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Tested...

8.8CVSS9.5AI score0.02824EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.36 views

Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...

7.5CVSS7.9AI score0.02396EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.36 views

GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.4AI score0.02872EPSS
Exploits1
Talos
Talos
added 2020/02/24 12:0 a.m.36 views

Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An...

8.8CVSS8.8AI score0.05136EPSS
Exploits1
Talos
Talos
added 2019/12/10 12:0 a.m.36 views

LEADTOOLS JPEG2000 Isot parsing Memory Corruption Vulnerability

Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft ...

8.8CVSS8.9AI score0.02619EPSS
Exploits0
Talos
Talos
added 2019/12/03 12:0 a.m.36 views

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

7.4CVSS7.3AI score0.01379EPSS
Exploits1
Talos
Talos
added 2018/07/26 12:0 a.m.36 views

Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

9.6AI score
Exploits0
Talos
Talos
added 2018/07/26 12:0 a.m.36 views

Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...

9.9CVSS9.3AI score0.01242EPSS
Exploits2
Total number of security vulnerabilities2224