2224 matches found
Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service
Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...
LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability
Talos Vulnerability Report TALOS-2016-0173 LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability August 6, 2016 CVE Number CVE-2016-4336 Description An exploitable out of bounds write exists in the Bzip2 parsing of the Perspective Document Filters conversion...
Pidgin MXIT Table Command Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0134 Pidgin MXIT Table Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2366 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...
Wavlink AC3000 internet.cgi set_add_routing() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2020 Wavlink AC3000 internet.cgi setaddrouting command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39764,CVE-2024-39765,CVE-2024-39763,CVE-2024-39762 SUMMARY Multiple OS command injection vulnerabilities exist in the internet.cgi...
Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference
Talos Vulnerability Report TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference September 25, 2024 CVE Number CVE-2024-38140 SUMMARY A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...
Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1878 Realtek rtl819x Jungle SDK boa rollbackcontrolcode stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49595 SUMMARY A stack-based buffer overflow vulnerability exists in the boa rollbackcontrolcode functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1892 Realtek rtl819x Jungle SDK boa setRadvdPrefixParam stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-47856 SUMMARY A stack-based buffer overflow vulnerability exists in the boa setRadvdPrefixParam functionality of Realtek rtl819x...
AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability
Talos Vulnerability Report TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability May 28, 2024 CVE Number CVE-2024-23315 SUMMARY A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory...
Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22391 SUMMARY A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23....
Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1887 Netgear RAX30 JSON Parsing getblockschedule stack-based buffer overflow vulnerability March 7, 2024 CVE Number CVE-2023-48725 SUMMARY A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule functionality of Netgear RAX30...
Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1890 Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20729 SUMMARY A use-after-free vulnerability exists in the Annot3D functionality of Adobe Acrobat Reader 2023.006.20380. A specially crafted...
GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1819 GTKWave LXT2 numtimetableentries out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-34436 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2...
GTKWave FST FST_BL_GEOM parsing maxhandle integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1777 GTKWave FST FSTBLGEOM parsing maxhandle integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-32650 SUMMARY An integer overflow vulnerability exists in the FSTBLGEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-b...
SoftEther VPN vpnserver OvsProcessData denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22308 SUMMARY An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A...
peplink Surf SOHO HW1 admin.cgi USSD_send OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1780 peplink Surf SOHO HW1 admin.cgi USSDsend OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-27380 SUMMARY An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A...
Webkit MediaRecorder API stopRecording use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1831 Webkit MediaRecorder API stopRecording use-after-free vulnerability October 6, 2023 CVE Number CVE-2023-39928 SUMMARY A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this...
Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2022-1665 Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46289,CVE-2022-46290 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master...
Apple DCERPC fixed array use after free vulnerability
Talos Vulnerability Report TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability July 13, 2023 CVE Number CVE-2023-27958 SUMMARY There exists a vulnerability in the fixed size array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can result in arbitrary code...
Apple DCERPC packet stats buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability July 13, 2023 CVE Number CVE-2023-23513 SUMMARY A buffer overflow vulnerability exists in the stats logging functionality of DCERPC library as used in Apple macOS 12.6.1 A specially-crafted network...
Diagon GraphPlanar::Write improper array index validation vulnerability
Talos Vulnerability Report TALOS-2023-1745 Diagon GraphPlanar::Write improper array index validation vulnerability July 5, 2023 CVE Number CVE-2023-31194 SUMMARY An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted...
ManageEngine OpManager Add UCS Device blind XXE vulnerability
Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...
Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1646 Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability January 18, 2023 CVE Number CVE-2022-40267 SUMMARY An authentication bypass vulnerability exists in the webserver session identifie...
OpenImageIO PSD format image file directory denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1632 OpenImageIO PSD format image file directory denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41684 SUMMARY A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory...
OpenImageIO DDS scanline parsing code execution vulnerability
Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...
OpenImageIO Exif out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1636 OpenImageIO Exif out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-41837 SUMMARY An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2...
Foxit Reader openPlayer use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1602 Foxit Reader openPlayer use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-37332 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. A specially-crafted PDF document...
Accusoft ImageGear PICT parsing pctwread_14841 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1544 Accusoft ImageGear PICT parsing pctwread14841 out-of-bounds write vulnerability October 27, 2022 CVE Number CVE-2022-32588 SUMMARY An out-of-bounds write vulnerability exists in the PICT parsing pctwread14841 functionality of Accusoft ImageGear 20.0. A...
Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability
Talos Vulnerability Report TALOS-2022-1584 Abode Systems, Inc. iota All-In-One Security Kit ghomeprocesscontrolpacket format string injection vulnerability October 20, 2022 CVE Number CVE-2022-33938 SUMMARY A format string injection vulnerability exists in the ghomeprocesscontrolpacket...
Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1562 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-30603 SUMMARY An OS command injection vulnerability exists in the web interface /action/iperf functionali...
Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1515 Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40733 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version...
TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1455 TCL LinkHub Mesh Wifi confsrv setmfrule stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-23919,CVE-2022-23918 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv setmfrule functionality of TCL LinkHub Mes...
TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1482 TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-25996 SUMMARY A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi...
NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader DCLINDEXRANGE functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...
Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability
Summary An integer overflow vulnerability exists in the way Adobe Acrobat Reader DC 2021.007.20099 supports annotation interactions through JavaScript. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...
LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18 out-of-bounds write vulnerability November 17, 2021 CVE Number CVE-2021-21898 SUMMARY A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...
Microsoft Azure Sphere networkd mdns denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the networkd mDNS functionality of Microsoft Azure Sphere 20.07. A specific bind call can cause a denial of service, requiring manual recovery. An attacker can bind to port 5353 to trigger this vulnerability. Tested Versions Microsoft Azure Sphe...
F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
Intel IGC64.DLL shader functionality DCL_INDEXABLETEMP code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...
Leadtools Image Parser Animated Icon Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...
Webkit fireEventListeners use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Tested...
Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...
GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...
Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An...
LEADTOOLS JPEG2000 Isot parsing Memory Corruption Vulnerability
Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft ...
Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...
Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...
Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...