2224 matches found
KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability
Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon coordinates parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...
Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...
Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...
Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Apple macOS SMB server signature verification information disclosure vulnerability
Summary An information disclosure vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...
Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability
Talos Vulnerability Report TALOS-2021-1239 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31517 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing functionality of Trend Micro Inc.’s...
Adobe Acrobat Reader DC form field format use after free
Talos Vulnerability Report TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free November 5, 2020 CVE Number CVE-2020-24437 SUMMARY A specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader D...
Intel IGC64.DLL Shader Functionality HeapReAlloc code execution vulnerability
Summary An exploitable double free vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted geometry shader can cause a double free vulnerability, leading to arbitrary code execution. An attacker can provide a specially crafted shader file to trigger...
Accusoft ImageGear PNG pngread width code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...
Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...
Clean My Mac X disableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
NASA CFITSIO `ffgkyn` Stack Overflow Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigg...
Simple DirectMedia Layer SDL2_Image load_xcf_tile_rle Information Disclosure Vulnerability
Summary An exploitable information vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this...
Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Blender Sequencer imb_loadhdr Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .hdr file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
CPP-Ethereum JSON-RPC miner_setGasPrice improper authorization Vulnerability
Summary An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum’s JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...
Circle with Disney Weak Authentication Vulnerability
Summary An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of...
Circle with Disney Backup API Command Injection Vulnerability
Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability
Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...
Iceni Argus TrueType Font File Cmap Table Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than...
Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0185 Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-5646 Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive...
Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0102 Oracle OIT IX SDK libvspdf Xref Offset Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3580 Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory...
Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity
Talos Vulnerability Report TALOS-2016-0100 Oracle OIT IX SDK libvspdf FlateDecode Colors Denial of Service Vulnerabiity July 19, 2016 CVE Number CVE-2016-3578 DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. TESTED VERSIONS Oracle Outsi...
Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0027 Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 DESCRIPTION An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can...
Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0063 Network Time Protocol ntpq atoascii Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7852 Description A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffe...
Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2015-0018 Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability June 30, 2015 CVE Number CVE-2015-3667 Description There is a remote code execution vulnerability in Apple Quicktime. An attacker who can control the data inside an stbl atom in a .mov...
Ankitects Anki MPV script injection vulnerability
Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...
Tinyproxy HTTP request parsing uninitialized memory vulnerability
Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...
Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability
Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...
Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1901 Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability February 15, 2024 CVE Number CVE-2024-20731 SUMMARY A use-after-free vulnerability exists in the FileAttachment PDAnnot object processing in Adobe Acrobat Reader...
Foxit Reader signature field OnBlur event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1839 Foxit Reader signature field OnBlur event use-after-free vulnerability November 27, 2023 CVE Number CVE-2023-38573 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascrip...
SoftEther VPN CiRpcAccepted() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1754 SoftEther VPN CiRpcAccepted authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-27516 SUMMARY An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially...
Apple DCERPC call request uninitialized memory heap overflow vulnerability
Talos Vulnerability Report TALOS-2022-1677 Apple DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-27934 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in Apple macOS 12.6.1 that c...
Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40969 SUMMARY An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....
OpenImageIO TGA Format Stack Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2022-1628 OpenImageIO TGA Format Stack Buffer Overflow Vulnerability December 22, 2022 CVE Number CVE-2022-41981 SUMMARY A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface utilsetserialmac OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29472 SUMMARY An OS command injection vulnerability exists in the web interface utilsetserialmac...
Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1497 Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability August 17, 2022 CVE Number CVE-2022-35821 SUMMARY An out-of-bounds read vulnerability exists in the /proc/fdt mmap operation functionality of Microsoft Azure Sphere 22.02. A...
HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1485 HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability August 16, 2022 CVE Number CVE-2022-25972 SUMMARY An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to...
WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability August 16, 2022 CVE Number CVE-2022-30547 SUMMARY A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...
Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1440 Anker Eufy Homebase 2 mipscollector appsrvserver use-after-free vulnerability June 15, 2022 CVE Number CVE-2022-21806 SUMMARY A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A...
NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability
Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...
InHand Networks InRouter302 console factory stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Tested...
Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability
Summary A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper...
Reolink RLC-410W hardcoded TLS key information disclosure vulnerability
Summary An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this...
Advantech WISE-PaaS/OTA 3.0.9 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of f Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Webkit WebCore::GraphicsContext use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...
Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability
Summary An improper array index validation vulnerability exists in the TIF IPplanarrasterunpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Accusoft ImageGear PSD read_icc_icCurve_data heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the PSD readiccicCurvedata functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger...