2224 matches found
Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...
GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...
Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An...
LEADTOOLS JPEG2000 Isot parsing Memory Corruption Vulnerability
Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft ...
Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...
Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...
Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...
Samsung SmartThings Hub video-core clips Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Blender Sequencer imb_load_dpx_cineon Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender BKE_vfont_to_curve_ex Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...
Foscam IP Video Camera webService dyndns.com DDNS Client Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating...
Foscam IP Video Camera CGIProxy.fcgi logOut Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
Circle with Disney configure.xml Notifications Command Injection Vulnerability
Summary An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney 2.0...
Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...
AntennaHouse DMC HTMLFilter UnCompressUnicode Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of AntennaHouse DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS fil...
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability
IrfanView JPEG 2000 Reference Tile Width Arbitrary Code Execution Vulnerability Summary An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation...
Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability
Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...
Apple OS X Scene Kit DAE XML Code Execution Vulnerability
SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...
Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...
Libarchive Rar RestartModel Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...
IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability
Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability
CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
Veertu Anka Build node agent update privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...
Microsoft Teams (work or school) for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability
Talos Vulnerability Report TALOS-2024-1991 Microsoft Teams work or school for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41138 SUMMARY A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app...
Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability July 3, 2024 CVE Number CVE-2024-32937 SUMMARY An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129,...
libigl readOFF stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 SUMMARY Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially...
AutomationDirect P3-550E Programming Software Connection scan_lib.bin library code injection vulnerability
Talos Vulnerability Report TALOS-2024-1943 AutomationDirect P3-550E Programming Software Connection scanlib.bin library code injection vulnerability May 28, 2024 CVE Number CVE-2024-23601 SUMMARY A code injection vulnerability exists in the scanlib.bin functionality of AutomationDirect P3-550E...
Foxit Reader Barcode widget Calculate event use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1958 Foxit Reader Barcode widget Calculate event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25938 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScrip...
Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability April 25, 2024 CVE Number CVE-2024-22373 SUMMARY An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability
Talos Vulnerability Report TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21972 SUMMARY An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...
Google Chrome Video Encoder Metrics denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability February 28, 2024 CVE Number None SUMMARY A denial of service vulnerability exists in the Video Encoder Metrics functionality of Google Chrome Chrome Stable 119.0.6045.160 64-bit and...
llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1916 llama.cpp GGUF library header.nkv heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23605 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A...
The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1923 The Biosig Project libbiosig sopenFAMOSread use-after-free vulnerability February 20, 2024 CVE Number CVE-2024-23310 SUMMARY A use-after-free vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch...
Foxit Reader Choice Field use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-28744 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document c...
Foxit Reader checkThisBox type confusion vulnerability
Talos Vulnerability Report TALOS-2023-1795 Foxit Reader checkThisBox type confusion vulnerability July 19, 2023 CVE Number CVE-2023-32664 SUMMARY A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript...
Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1700 Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability July 6, 2023 CVE Number CVE-2023-22844 SUMMARY An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN...
OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43593 SUMMARY A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4....
Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability October 20, 2022 CVE Number CVE-2022-27805 SUMMARY An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc...
Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability August 16, 2022 CVE Number CVE-2022-40732 SUMMARY An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver...
Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability
Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...
NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...
InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability
Summary A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...
KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability
Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon coordinates parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...
Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...