Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2020/03/23 12:0 a.m.36 views

Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...

7.5CVSS7.9AI score0.02396EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.36 views

GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.4AI score0.02872EPSS
Exploits1
Talos
Talos
added 2020/02/24 12:0 a.m.36 views

Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An...

8.8CVSS8.8AI score0.05136EPSS
Exploits1
Talos
Talos
added 2019/12/10 12:0 a.m.36 views

LEADTOOLS JPEG2000 Isot parsing Memory Corruption Vulnerability

Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft ...

8.8CVSS8.9AI score0.02619EPSS
Exploits0
Talos
Talos
added 2019/12/03 12:0 a.m.36 views

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

7.4CVSS7.3AI score0.01379EPSS
Exploits1
Talos
Talos
added 2018/07/26 12:0 a.m.36 views

Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

9.6AI score
Exploits0
Talos
Talos
added 2018/07/26 12:0 a.m.36 views

Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...

9.9CVSS9.3AI score0.01242EPSS
Exploits2
Talos
Talos
added 2018/07/26 12:0 a.m.36 views

Samsung SmartThings Hub video-core clips Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

9AI score
Exploits0
Talos
Talos
added 2018/04/19 12:0 a.m.36 views

Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.9AI score0.03411EPSS
Exploits2
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS7.9AI score0.01995EPSS
Exploits1
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS8AI score0.02022EPSS
Exploits1
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...

8.8CVSS8AI score0.01861EPSS
Exploits1
Talos
Talos
added 2017/11/13 12:0 a.m.36 views

Foscam IP Video Camera webService dyndns.com DDNS Client Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...

9.3CVSS8.3AI score0.0166EPSS
Exploits2
Talos
Talos
added 2017/11/13 12:0 a.m.36 views

Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...

8.8CVSS8.1AI score0.02077EPSS
Exploits2
Talos
Talos
added 2017/10/31 12:0 a.m.36 views

Circle with Disney configure.xml Notifications Command Injection Vulnerability

Summary An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney 2.0...

9.9CVSS9.1AI score0.03245EPSS
Exploits2
Talos
Talos
added 2017/10/10 12:0 a.m.36 views

Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...

8.8CVSS8.8AI score0.02656EPSS
Exploits1
Talos
Talos
added 2017/05/04 12:0 a.m.36 views

AntennaHouse DMC HTMLFilter UnCompressUnicode Code Execution Vulnerability

Summary An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS fil...

8.3CVSS8.5AI score0.01432EPSS
Exploits2
Talos
Talos
added 2017/04/26 12:0 a.m.36 views

IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability

IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation...

8.8CVSS8.8AI score0.01722EPSS
Exploits1
Talos
Talos
added 2017/04/10 12:0 a.m.36 views

Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...

5.3CVSS5.2AI score0.09265EPSS
Exploits2
Talos
Talos
added 2016/12/16 12:0 a.m.36 views

Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability

Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...

6.2CVSS6AI score0.00516EPSS
Exploits2
Talos
Talos
added 2016/07/18 12:0 a.m.36 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability

SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

7.8CVSS8AI score0.0221EPSS
Exploits1
Talos
Talos
added 2016/06/21 12:0 a.m.36 views

Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...

8.1CVSS6.8AI score0.02669EPSS
Exploits1
Talos
Talos
added 2016/06/19 12:0 a.m.36 views

Libarchive Rar RestartModel Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...

7.8CVSS7.9AI score0.04757EPSS
Exploits2
Talos
Talos
added 2016/06/08 12:0 a.m.36 views

IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability

Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...

7.8CVSS8AI score0.02674EPSS
Exploits1
Talos
Talos
added 2016/02/08 12:0 a.m.36 views

Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...

10CVSS10.1AI score0.06841EPSS
Exploits1
Talos
Talos
added 2016/01/19 12:0 a.m.36 views

Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability

CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...

7.5CVSS6.7AI score0.11887EPSS
Exploits0
Talos
Talos
added 2024/11/21 12:0 a.m.35 views

MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...

7.2CVSS8AI score0.10514EPSS
Exploits1
Talos
Talos
added 2024/10/03 12:0 a.m.35 views

Veertu Anka Build node agent update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...

7.8CVSS8.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2024/08/19 12:0 a.m.35 views

Microsoft Teams (work or school) for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability

Talos Vulnerability Report TALOS-2024-1991 Microsoft Teams work or school for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41138 SUMMARY A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app...

9.8CVSS6.6AI score0.00881EPSS
Exploits1
Talos
Talos
added 2024/07/03 12:0 a.m.35 views

Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability July 3, 2024 CVE Number CVE-2024-32937 SUMMARY An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...

9.8CVSS8.7AI score0.26288EPSS
Exploits1
Talos
Talos
added 2024/05/28 12:0 a.m.35 views

libigl readOFF stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially...

7.8CVSS8AI score0.00745EPSS
Exploits0
Talos
Talos
added 2024/05/28 12:0 a.m.35 views

AutomationDirect P3-550E Programming Software Connection scan_lib.bin library code injection vulnerability

Talos Vulnerability Report TALOS-2024-1943 AutomationDirect P3-550E Programming Software Connection scanlib.bin library code injection vulnerability May 28, 2024 CVE Number CVE-2024-23601 SUMMARY A code injection vulnerability exists in the scanlib.bin functionality of AutomationDirect P3-550E...

9.8CVSS9.6AI score0.0072EPSS
Exploits0
Talos
Talos
added 2024/04/30 12:0 a.m.35 views

Foxit Reader Barcode widget Calculate event use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1958 Foxit Reader Barcode widget Calculate event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25938 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScrip...

8.8CVSS8.9AI score0.15639EPSS
Exploits1
Talos
Talos
added 2024/04/25 12:0 a.m.35 views

Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...

9.8CVSS8.2AI score0.01474EPSS
Exploits1
Talos
Talos
added 2024/04/10 12:0 a.m.35 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21972 SUMMARY An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

5.3CVSS5.8AI score0.00187EPSS
Exploits0
Talos
Talos
added 2024/02/28 12:0 a.m.35 views

Google Chrome Video Encoder Metrics denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability February 28, 2024 CVE Number None SUMMARY A denial of service vulnerability exists in the Video Encoder Metrics functionality of Google Chrome Chrome Stable 119.0.6045.160 64-bit and...

7.5AI score
Exploits0
Talos
Talos
added 2024/02/26 12:0 a.m.35 views

llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1916 llama.cpp GGUF library header.nkv heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23605 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A...

9.8CVSS8.8AI score0.01349EPSS
Exploits1
Talos
Talos
added 2024/02/20 12:0 a.m.35 views

The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1923 The Biosig Project libbiosig sopenFAMOSread use-after-free vulnerability February 20, 2024 CVE Number CVE-2024-23310 SUMMARY A use-after-free vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch...

9.8CVSS9.4AI score0.01703EPSS
Exploits1
Talos
Talos
added 2023/07/19 12:0 a.m.35 views

Foxit Reader Choice Field use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-28744 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document c...

8.8CVSS9.1AI score0.00898EPSS
Exploits1
Talos
Talos
added 2023/07/19 12:0 a.m.35 views

Foxit Reader checkThisBox type confusion vulnerability

Talos Vulnerability Report TALOS-2023-1795 Foxit Reader checkThisBox type confusion vulnerability July 19, 2023 CVE Number CVE-2023-32664 SUMMARY A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript...

8.8CVSS8.6AI score0.0088EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.35 views

Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1700 Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability July 6, 2023 CVE Number CVE-2023-22844 SUMMARY An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN...

9.8CVSS8.6AI score0.00759EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.35 views

OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43593 SUMMARY A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4....

5.9CVSS7.6AI score0.01325EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.35 views

Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-27805 SUMMARY An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc...

9.8CVSS9.9AI score0.01291EPSS
Exploits0
Talos
Talos
added 2022/08/16 12:0 a.m.35 views

Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability

Talos Vulnerability Report TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40732 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver...

7.5CVSS5.3AI score0.0074EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.35 views

Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability

Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...

7.5CVSS7.8AI score0.01093EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.35 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...

8.5CVSS8.4AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/10 12:0 a.m.35 views

InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability

Summary A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...

6.1CVSS6AI score0.01392EPSS
Exploits1
Talos
Talos
added 2022/02/16 12:0 a.m.35 views

KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability

Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon coordinates parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...

8.2AI score
Exploits0
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Total number of security vulnerabilities2224