Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2018/04/19 12:0 a.m.36 views

Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.9AI score0.03411EPSS
Exploits2
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS7.9AI score0.01995EPSS
Exploits1
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...

8.8CVSS8AI score0.01861EPSS
Exploits1
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender BKE_image_acquire_ibuf Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS7.8AI score0.0265EPSS
Exploits1
Talos
Talos
added 2018/01/11 12:0 a.m.36 views

Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS8AI score0.02022EPSS
Exploits1
Talos
Talos
added 2017/11/13 12:0 a.m.36 views

Foscam IP Video Camera webService dyndns.com DDNS Client Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...

9.3CVSS8.3AI score0.0166EPSS
Exploits2
Talos
Talos
added 2017/11/13 12:0 a.m.36 views

Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...

8.8CVSS8.1AI score0.02077EPSS
Exploits2
Talos
Talos
added 2017/10/31 12:0 a.m.36 views

Circle with Disney configure.xml Notifications Command Injection Vulnerability

Summary An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney 2.0...

9.9CVSS9.1AI score0.03245EPSS
Exploits2
Talos
Talos
added 2017/10/10 12:0 a.m.36 views

Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...

8.8CVSS8.8AI score0.02656EPSS
Exploits1
Talos
Talos
added 2017/05/04 12:0 a.m.36 views

AntennaHouse DMC HTMLFilter UnCompressUnicode Code Execution Vulnerability

Summary An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS fil...

8.3CVSS8.5AI score0.01432EPSS
Exploits2
Talos
Talos
added 2017/04/26 12:0 a.m.36 views

IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability

IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation...

8.8CVSS8.8AI score0.01722EPSS
Exploits1
Talos
Talos
added 2017/04/10 12:0 a.m.36 views

Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...

5.3CVSS5.2AI score0.09265EPSS
Exploits2
Talos
Talos
added 2016/12/16 12:0 a.m.36 views

Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability

Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...

6.2CVSS6AI score0.00516EPSS
Exploits2
Talos
Talos
added 2016/07/18 12:0 a.m.36 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability

SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

7.8CVSS8AI score0.0221EPSS
Exploits1
Talos
Talos
added 2016/06/21 12:0 a.m.36 views

Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability

Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...

8.1CVSS6.8AI score0.02669EPSS
Exploits1
Talos
Talos
added 2016/06/19 12:0 a.m.36 views

Libarchive Rar RestartModel Code Execution Vulnerability

SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...

7.8CVSS7.9AI score0.04757EPSS
Exploits2
Talos
Talos
added 2016/06/08 12:0 a.m.36 views

IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability

Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...

7.8CVSS8AI score0.02674EPSS
Exploits1
Talos
Talos
added 2016/02/08 12:0 a.m.36 views

Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...

10CVSS10.1AI score0.06841EPSS
Exploits1
Talos
Talos
added 2016/01/19 12:0 a.m.36 views

Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability

CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...

7.5CVSS6.7AI score0.11887EPSS
Exploits0
Talos
Talos
added 2024/11/21 12:0 a.m.35 views

MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...

7.2CVSS8AI score0.10514EPSS
Exploits1
Talos
Talos
added 2024/10/03 12:0 a.m.35 views

Veertu Anka Build node agent update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...

7.8CVSS8.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2024/08/19 12:0 a.m.35 views

Microsoft Teams (work or school) for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability

Talos Vulnerability Report TALOS-2024-1991 Microsoft Teams work or school for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41138 SUMMARY A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app...

9.8CVSS6.6AI score0.00881EPSS
Exploits1
Talos
Talos
added 2024/07/03 12:0 a.m.35 views

Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability July 3, 2024 CVE Number CVE-2024-32937 SUMMARY An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...

9.8CVSS8.7AI score0.26288EPSS
Exploits1
Talos
Talos
added 2024/05/28 12:0 a.m.35 views

libigl readOFF stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially...

7.8CVSS8AI score0.00745EPSS
Exploits0
Talos
Talos
added 2024/04/30 12:0 a.m.35 views

Foxit Reader Barcode widget Calculate event use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1958 Foxit Reader Barcode widget Calculate event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25938 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScrip...

8.8CVSS8.9AI score0.15639EPSS
Exploits1
Talos
Talos
added 2024/04/25 12:0 a.m.35 views

Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...

9.8CVSS8.2AI score0.01474EPSS
Exploits1
Talos
Talos
added 2024/04/10 12:0 a.m.35 views

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21972 SUMMARY An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...

5.3CVSS5.8AI score0.00187EPSS
Exploits0
Talos
Talos
added 2024/02/28 12:0 a.m.35 views

Google Chrome Video Encoder Metrics denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability February 28, 2024 CVE Number None SUMMARY A denial of service vulnerability exists in the Video Encoder Metrics functionality of Google Chrome Chrome Stable 119.0.6045.160 64-bit and...

7.5AI score
Exploits0
Talos
Talos
added 2024/02/26 12:0 a.m.35 views

llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1916 llama.cpp GGUF library header.nkv heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23605 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A...

9.8CVSS8.8AI score0.01349EPSS
Exploits1
Talos
Talos
added 2024/02/20 12:0 a.m.35 views

The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability

Talos Vulnerability Report TALOS-2024-1919 The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability February 20, 2024 CVE Number CVE-2024-23809 SUMMARY A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project...

9.8CVSS9.3AI score0.01679EPSS
Exploits1
Talos
Talos
added 2023/08/10 12:0 a.m.35 views

NVIDIA D3D10 Driver Shader Functionality dcl_input index memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1720 NVIDIA D3D10 Driver Shader Functionality dclinput index memory corruption vulnerability August 10, 2023 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality of NVIDIA D3D10 Driver NVIDIA D3D10 Driver,...

8.8CVSS8.7AI score0.01387EPSS
Exploits0
Talos
Talos
added 2023/07/19 12:0 a.m.35 views

Foxit Reader Choice Field use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-28744 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document c...

8.8CVSS9.1AI score0.00898EPSS
Exploits1
Talos
Talos
added 2023/07/19 12:0 a.m.35 views

Foxit Reader checkThisBox type confusion vulnerability

Talos Vulnerability Report TALOS-2023-1795 Foxit Reader checkThisBox type confusion vulnerability July 19, 2023 CVE Number CVE-2023-32664 SUMMARY A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript...

8.8CVSS8.6AI score0.0088EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.35 views

Milesight UR32L libzebra.so bridge_group OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1698 Milesight UR32L libzebra.so bridgegroup OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22306 SUMMARY An OS command injection vulnerability exists in the libzebra.so bridgegroup functionality of Milesight UR32L v32.3.0.5. A specially...

7.2CVSS7.3AI score0.03577EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.35 views

Milesight MilesightVPN liburvpn.so create_private_key OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1703 Milesight MilesightVPN liburvpn.so createprivatekey OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22371 SUMMARY An os command injection vulnerability exists in the liburvpn.so createprivatekey functionality of Milesight VPN v2.0.2. ...

8.1CVSS8.6AI score0.03444EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.35 views

Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1700 Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability July 6, 2023 CVE Number CVE-2023-22844 SUMMARY An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN...

9.8CVSS8.6AI score0.00759EPSS
Exploits1
Talos
Talos
added 2023/03/30 12:0 a.m.35 views

ManageEngine OpManager Add UCS Device blind XXE vulnerability

Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...

5.8CVSS5.5AI score0.19807EPSS
Exploits1
Talos
Talos
added 2022/12/22 12:0 a.m.35 views

OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43593 SUMMARY A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4....

5.9CVSS7.6AI score0.01325EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.35 views

Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-27805 SUMMARY An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc...

9.8CVSS9.9AI score0.01291EPSS
Exploits0
Talos
Talos
added 2022/08/16 12:0 a.m.35 views

Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability

Talos Vulnerability Report TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40732 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver...

7.5CVSS5.3AI score0.0074EPSS
Exploits1
Talos
Talos
added 2022/07/18 12:0 a.m.35 views

Accusoft ImageGear PSD Header processing memory allocation out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...

9.8CVSS9.1AI score0.01758EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.35 views

Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability

Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...

7.5CVSS7.8AI score0.01093EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.35 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...

8.5CVSS8.4AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/10 12:0 a.m.35 views

InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability

Summary A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...

6.1CVSS6AI score0.01392EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.35 views

Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...

10CVSS9.6AI score0.03064EPSS
Exploits1
Talos
Talos
added 2021/11/15 12:0 a.m.35 views

Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.6AI score0.03656EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.35 views

Apple macOS SMB server lock request infinite loop

Summary A resource exhaustion vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an infinite loop which leads to maximum CPU utilization and denial of service. This vulnerability can be triggered by sending a malicious packet to the vulnerable...

5.9CVSS7.2AI score0.01623EPSS
Exploits0
Talos
Talos
added 2021/05/19 12:0 a.m.35 views

Apple macOS SMB server signature verification information disclosure vulnerability

Summary An information disclosure vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...

6.5CVSS7.7AI score0.01825EPSS
Exploits0
Total number of security vulnerabilities2224