2224 matches found
Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability
Talos Vulnerability Report TALOS-2021-1239 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31517 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing functionality of Trend Micro Inc.’s...
Intel IGC64.DLL Shader Functionality HeapReAlloc code execution vulnerability
Summary An exploitable double free vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted geometry shader can cause a double free vulnerability, leading to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger...
Accusoft ImageGear PNG pngread width code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...
Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...
Clean My Mac X disableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
NASA CFITSIO `ffgkyn` Stack Overflow Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...
Simple DirectMedia Layer SDL2_Image load_xcf_tile_rle Information Disclosure Vulnerability
Summary An exploitable information vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this...
Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .hdr file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
Circle with Disney Weak Authentication Vulnerability
Summary An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of...
Circle with Disney Apid Photo Upload Denial of Service Vulnerability
Summary An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to...
Circle with Disney Backup API Command Injection Vulnerability
Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability
Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...
Iceni Argus TrueType Font File Cmap Table Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than...
Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0185 Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-5646 Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive...
Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0102 Oracle OIT IX SDK libvspdf Xref Offset Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3580 Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory...
Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity
Talos Vulnerability Report TALOS-2016-0100 Oracle OIT IX SDK libvspdf FlateDecode Colors Denial of Service Vulnerabiity July 19, 2016 CVE Number CVE-2016-3578 DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. TESTED VERSIONS Oracle Outsi...
Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0027 Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 DESCRIPTION An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can...
Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0063 Network Time Protocol ntpq atoascii Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7852 Description A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffe...
Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2015-0018 Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability June 30, 2015 CVE Number CVE-2015-3667 Description There is a remote code execution vulnerability in Apple Quicktime. An attacker who can control the data inside an stbl atom in a .mov...
Ankitects Anki MPV script injection vulnerability
Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...
AutomationDirect P3-550E Programming Software Connection scan_lib.bin library code injection vulnerability
Talos Vulnerability Report TALOS-2024-1943 AutomationDirect P3-550E Programming Software Connection scanlib.bin library code injection vulnerability May 28, 2024 CVE Number CVE-2024-23601 SUMMARY A code injection vulnerability exists in the scanlib.bin functionality of AutomationDirect P3-550E...
Tinyproxy HTTP request parsing uninitialized memory vulnerability
Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...
Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability
Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...
The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1923 The Biosig Project libbiosig sopenFAMOSread use-after-free vulnerability February 20, 2024 CVE Number CVE-2024-23310 SUMMARY A use-after-free vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch...
Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1901 Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20731 SUMMARY A use-after-free vulnerability exists in the FileAttachment PDAnnot object processing in Adobe Acrobat Reader...
SoftEther VPN CiRpcAccepted() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1754 SoftEther VPN CiRpcAccepted authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-27516 SUMMARY An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially...
Apple DCERPC call request uninitialized memory heap overflow vulnerability
Talos Vulnerability Report TALOS-2022-1677 Apple DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-27934 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in Apple macOS 12.6.1 that c...
Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40969 SUMMARY An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....
OpenImageIO TGA Format Stack Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2022-1628 OpenImageIO TGA Format Stack Buffer Overflow Vulnerability December 22, 2022 CVE Number CVE-2022-41981 SUMMARY A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface utilsetserialmac OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29472 SUMMARY An OS command injection vulnerability exists in the web interface utilsetserialmac...
Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1497 Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability August 17, 2022 CVE Number CVE-2022-35821 SUMMARY An out-of-bounds read vulnerability exists in the /proc/fdt mmap operation functionality of Microsoft Azure Sphere 22.02. A...
HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1485 HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability August 16, 2022 CVE Number CVE-2022-25972 SUMMARY An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to...
WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...
TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1484 TCL LinkHub Mesh Wi-Fi confsrv ucloudsetnodelocation buffer overflow vulnerability August 1, 2022 CVE Number CVE-2022-26342 SUMMARY A buffer overflow vulnerability exists in the confsrv ucloudsetnodelocation functionality of TCL LinkHub Mesh Wi-Fi...
Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1440 Anker Eufy Homebase 2 mipscollector appsrvserver use-after-free vulnerability June 15, 2022 CVE Number CVE-2022-21806 SUMMARY A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A...
NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...
InHand Networks InRouter302 console factory stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Tested...
Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability
Summary A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper...
KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability
Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon coordinates parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...
Advantech WISE-PaaS/OTA 3.0.9 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of f Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Webkit WebCore::GraphicsContext use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...
Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability
Summary An improper array index validation vulnerability exists in the TIF IPplanarrasterunpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Adobe Acrobat Reader DC form field format use after free
Talos Vulnerability Report TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free November 5, 2020 CVE Number CVE-2020-24437 SUMMARY A specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader D...
Microsoft Azure Sphere Normal World application ptrace unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that uses the ptrace system call to...
CleanMyMac X moveItemAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful...
SAP BPC Web Application Information Disclosure Vulnerability
Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HT...
Moxa EDR-810 Web Server URI Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this...