2224 matches found
Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...
Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Foscam IP Video Camera webService dyndns.com DDNS Client Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
Circle with Disney configure.xml Notifications Command Injection Vulnerability
Summary An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney 2.0...
Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...
AntennaHouse DMC HTMLFilter UnCompressUnicode Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS fil...
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation...
Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability
Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...
Apple OS X Scene Kit DAE XML Code Execution Vulnerability
SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...
Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...
Libarchive Rar RestartModel Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...
IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability
Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability
CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
Veertu Anka Build node agent update privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...
Microsoft Teams (work or school) for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability
Talos Vulnerability Report TALOS-2024-1991 Microsoft Teams work or school for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41138 SUMMARY A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app...
Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability July 3, 2024 CVE Number CVE-2024-32937 SUMMARY An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...
libigl readOFF stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially...
Foxit Reader Barcode widget Calculate event use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1958 Foxit Reader Barcode widget Calculate event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25938 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScrip...
Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability
Talos Vulnerability Report TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21972 SUMMARY An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...
Google Chrome Video Encoder Metrics denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability February 28, 2024 CVE Number None SUMMARY A denial of service vulnerability exists in the Video Encoder Metrics functionality of Google Chrome Chrome Stable 119.0.6045.160 64-bit and...
llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1916 llama.cpp GGUF library header.nkv heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23605 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A...
The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability
Talos Vulnerability Report TALOS-2024-1919 The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability February 20, 2024 CVE Number CVE-2024-23809 SUMMARY A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project...
NVIDIA D3D10 Driver Shader Functionality dcl_input index memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1720 NVIDIA D3D10 Driver Shader Functionality dclinput index memory corruption vulnerability August 10, 2023 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality of NVIDIA D3D10 Driver NVIDIA D3D10 Driver,...
Foxit Reader Choice Field use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-28744 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document c...
Foxit Reader checkThisBox type confusion vulnerability
Talos Vulnerability Report TALOS-2023-1795 Foxit Reader checkThisBox type confusion vulnerability July 19, 2023 CVE Number CVE-2023-32664 SUMMARY A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript...
Milesight UR32L libzebra.so bridge_group OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1698 Milesight UR32L libzebra.so bridgegroup OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22306 SUMMARY An OS command injection vulnerability exists in the libzebra.so bridgegroup functionality of Milesight UR32L v32.3.0.5. A specially...
Milesight MilesightVPN liburvpn.so create_private_key OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1703 Milesight MilesightVPN liburvpn.so createprivatekey OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22371 SUMMARY An os command injection vulnerability exists in the liburvpn.so createprivatekey functionality of Milesight VPN v2.0.2. ...
Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1700 Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability July 6, 2023 CVE Number CVE-2023-22844 SUMMARY An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN...
ManageEngine OpManager Add UCS Device blind XXE vulnerability
Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...
OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43593 SUMMARY A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4....
Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-27805 SUMMARY An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc...
Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40732 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver...
Accusoft ImageGear PSD Header processing memory allocation out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability
Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...
NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...
InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability
Summary A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...
Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...
Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...
Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Apple macOS SMB server lock request infinite loop
Summary A resource exhaustion vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an infinite loop which leads to maximum CPU utilization and denial of service. This vulnerability can be triggered by sending a malicious packet to the vulnerable...
Apple macOS SMB server signature verification information disclosure vulnerability
Summary An information disclosure vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...