Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2016/03/31 12:0 a.m.34 views

Lhasa lha decode_level3_header Heap Corruption Vulnerability

SUMMARY An exploitable integer underflow exists during calculation size for all headers in decodelevel3header function of Lhasa lha application. Smaller value of headerlen than LEVEL3HEADERLEN 32 cause during subtraction integer underflow and lead later to memory corruption via heap based buffer...

7.8CVSS8AI score0.03228EPSS
Exploits1
Talos
Talos
added 2016/01/08 12:0 a.m.34 views

Apple Quicktime mdat Corruption Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0021 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7089 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...

6.8CVSS6.4AI score0.01648EPSS
Exploits0
Talos
Talos
added 2015/10/21 12:0 a.m.34 views

Network Time Protocol Password Length Memory Corruption Vulnerability

Talos Vulnerability Report TALOS-2015-0065 Network Time Protocol Password Length Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7854 Description A potential buffer overflow vulnerability exists in the password management functionality of ntp. A specially crafted key file cou...

8.8CVSS9.3AI score0.1456EPSS
Exploits0
Talos
Talos
added 2024/08/13 12:0 a.m.33 views

Microsoft CLIPSP.SYS License update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-1966 Microsoft CLIPSP.SYS License update privilege escalation vulnerability August 13, 2024 CVE Number CVE-2024-38186 SUMMARY A privilege escalation vulnerability exists in the License update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621,...

7.8CVSS8.3AI score0.00839EPSS
Exploits0
Talos
Talos
added 2024/07/22 12:0 a.m.33 views

Ankitects Anki MPV script injection vulnerability

Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...

9.6CVSS9.5AI score0.15067EPSS
Exploits1
Talos
Talos
added 2024/05/15 12:0 a.m.33 views

Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1952 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability May 15, 2024 CVE Number CVE-2024-30312 SUMMARY An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2023.008.20533.A specially crafted...

5.5CVSS6.5AI score0.01767EPSS
Exploits0
Talos
Talos
added 2024/05/01 12:0 a.m.33 views

Tinyproxy HTTP request parsing uninitialized memory vulnerability

Talos Vulnerability Report TALOS-2023-1902 Tinyproxy HTTP request parsing uninitialized memory vulnerability May 1, 2024 CVE Number CVE-2023-40533 SUMMARY An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially craft...

2.6CVSS7.7AI score
Exploits0
Talos
Talos
added 2024/05/01 12:0 a.m.33 views

Milesight UR32L luci2-io file-import firmware update vulnerability

Talos Vulnerability Report TALOS-2023-1852 Milesight UR32L luci2-io file-import firmware update vulnerability May 1, 2024 CVE Number CVE-2023-47166 SUMMARY A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network...

8.8CVSS8.7AI score0.00637EPSS
Exploits0
Talos
Talos
added 2024/04/03 12:0 a.m.33 views

Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability

Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...

4.9CVSS5.5AI score0.00662EPSS
Exploits1
Talos
Talos
added 2024/02/20 12:0 a.m.33 views

The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1925 The Biosig Project libbiosig sopenFAMOSread NULL calloc out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-23606 SUMMARY An out-of-bounds write vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig...

9.8CVSS9.6AI score0.01679EPSS
Exploits1
Talos
Talos
added 2024/02/20 12:0 a.m.33 views

Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability

Talos Vulnerability Report TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability February 20, 2024 CVE Number CVE-2023-38562 SUMMARY A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A...

9.1CVSS8.8AI score0.01081EPSS
Exploits1
Talos
Talos
added 2023/11/27 12:0 a.m.33 views

Foxit Reader signature field OnBlur event use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1839 Foxit Reader signature field OnBlur event use-after-free vulnerability November 27, 2023 CVE Number CVE-2023-38573 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascrip...

8.8CVSS9.1AI score0.01907EPSS
Exploits1
Talos
Talos
added 2023/10/19 12:0 a.m.33 views

JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1809 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability October 19, 2023 CVE Number CVE-2023-38128 SUMMARY An out-of-bounds write vulnerability exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.5937...

7.8CVSS7.9AI score0.00678EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.33 views

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1741 SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service vulnerability October 12, 2023 CVE Number CVE-2023-23581 SUMMARY A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.967...

7.5CVSS7.5AI score0.00834EPSS
Exploits1
Talos
Talos
added 2023/10/12 12:0 a.m.33 views

SoftEther VPN CiRpcAccepted() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1754 SoftEther VPN CiRpcAccepted authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-27516 SUMMARY An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially...

7.8CVSS7.5AI score0.0053EPSS
Exploits1
Talos
Talos
added 2023/07/21 12:0 a.m.33 views

Open Babel Gaussian format orientation out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1672 Open Babel Gaussian format orientation out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-37331 SUMMARY An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit...

7.8CVSS8AI score0.00704EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.33 views

Milesight UR32L uhttpd login buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1697 Milesight UR32L uhttpd login buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-23902 SUMMARY A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead ...

9.8CVSS9.9AI score0.01908EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.33 views

Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1694 Milesight UR32L ysthirdparty userdelete OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-23550 SUMMARY An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially...

7.2CVSS7.2AI score0.03457EPSS
Exploits1
Talos
Talos
added 2023/06/13 12:0 a.m.33 views

Microsoft Office Excel FreePhisxdb arbitrary free vulnerability

Talos Vulnerability Report TALOS-2023-1730 Microsoft Office Excel FreePhisxdb arbitrary free vulnerability June 13, 2023 CVE Number CVE-2023-32029 SUMMARY An arbitrary free vulnerability exists in the FreePhisxdb functionality of Microsoft Office Excel 2019 Plus 16.0.16130.20218. A...

7.8CVSS7.5AI score0.53513EPSS
Exploits0
Talos
Talos
added 2023/04/24 12:0 a.m.33 views

IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability

Talos Vulnerability Report TALOS-2023-1691 IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability April 24, 2023 CVE Number CVE-2023-28528 SUMMARY An OS command injection vulnerability exists in the invscout setUID binary functionality of IBM Corporation AIX 7.2. A...

8.4CVSS8.4AI score0.01457EPSS
Exploits3
Talos
Talos
added 2023/04/03 12:0 a.m.33 views

ADMesh stl_fix_normal_directions improper array index validation vulnerability

Talos Vulnerability Report TALOS-2022-1594 ADMesh stlfixnormaldirections improper array index validation vulnerability April 3, 2023 CVE Number CVE-2022-38072 SUMMARY An improper array index validation vulnerability exists in the stlfixnormaldirections functionality of ADMesh Master Commit 767a10...

8.8CVSS7.6AI score0.01061EPSS
Exploits1
Talos
Talos
added 2023/03/21 12:0 a.m.33 views

Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability

Talos Vulnerability Report TALOS-2022-1598 Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability March 21, 2023 CVE Number CVE-2022-38458 SUMMARY A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5....

6.5CVSS6.1AI score0.00614EPSS
Exploits1
Talos
Talos
added 2022/10/20 12:0 a.m.33 views

Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1558 Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-33189 SUMMARY An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. io...

10CVSS9.8AI score0.03244EPSS
Exploits1
Talos
Talos
added 2022/08/16 12:0 a.m.33 views

HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2022-1486 HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability August 16, 2022 CVE Number CVE-2022-25942 SUMMARY An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to cod...

7.8CVSS7.5AI score0.00577EPSS
Exploits1
Talos
Talos
added 2022/08/01 12:0 a.m.33 views

TCL LinkHub Mesh Wifi confsrv ucloud_add_node_new OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1457 TCL LinkHub Mesh Wifi confsrv ucloudaddnodenew OS command injection vulnerability August 1, 2022 CVE Number CVE-2022-21178 SUMMARY An os command injection vulnerability exists in the confsrv ucloudaddnewnode functionality of TCL LinkHub Mesh Wifi...

9.8CVSS9.8AI score0.03565EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.33 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...

8.5CVSS8.6AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/01/26 12:0 a.m.33 views

Reolink RLC-410W hardcoded TLS key information disclosure vulnerability

Summary An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this...

7.5CVSS5.9AI score0.0089EPSS
Exploits0
Talos
Talos
added 2021/11/15 12:0 a.m.33 views

Lantronix PremierWave 2050 Web Manager FsMove directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...

7.2CVSS6.8AI score0.02386EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.33 views

Webkit WebCore::GraphicsContext use-after-free vulnerability

Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...

8.8CVSS7.9AI score0.02913EPSS
Exploits1
Talos
Talos
added 2021/03/16 12:0 a.m.33 views

Accusoft ImageGear PSD read_icc_icCurve_data heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the PSD readiccicCurvedata functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger...

9.8CVSS9.5AI score0.01407EPSS
Exploits1
Talos
Talos
added 2020/07/31 12:0 a.m.33 views

Microsoft Azure Sphere Normal World application ptrace unsigned code execution vulnerability

Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.05. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that uses the ptrace system call to...

7.3CVSS7.3AI score0.01673EPSS
Exploits1
Talos
Talos
added 2019/12/10 12:0 a.m.33 views

LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. Tested...

7.5CVSS7.7AI score0.01942EPSS
Exploits0
Talos
Talos
added 2019/08/19 12:0 a.m.33 views

Nest Labs Openweave Weave DecodeMessageWithLength Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker c...

8.2CVSS7.6AI score0.00775EPSS
Exploits1
Talos
Talos
added 2019/01/02 12:0 a.m.34 views

CleanMyMac X removeItemAtPath Privilege Escalation Vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2019/01/02 12:0 a.m.33 views

Clean My Mac X pleaseTerminate denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machi...

7.1CVSS5.8AI score0.00309EPSS
Exploits0
Talos
Talos
added 2018/07/26 12:0 a.m.33 views

Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

9.9CVSS9.7AI score0.01753EPSS
Exploits2
Talos
Talos
added 2018/07/26 12:0 a.m.33 views

Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “replace” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

9.9CVSS9.7AI score0.01753EPSS
Exploits2
Talos
Talos
added 2018/04/26 12:0 a.m.33 views

Hyland Perceptive Document Filters Microsoft Word CDATA Code Execution Vulnerability

Summary An exploitable heap corruption exists in the Microsoft Word to many types conversion functionality of the Hyland Perspective Document Filters version 11.4.0.2647. A crafted Microsoft Word XML document can lead to heap corruption resulting in remote code execution. An attacker can provide ...

8.8CVSS9.4AI score0.02794EPSS
Exploits1
Talos
Talos
added 2018/03/01 12:0 a.m.33 views

Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigg...

8.8CVSS8.9AI score0.02677EPSS
Exploits0
Talos
Talos
added 2018/01/11 12:0 a.m.33 views

Blender Sequencer dpxOpen Buffer Overflow Code Execution Vulnerability

Summary An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .cin file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

8.8CVSS7.8AI score0.01866EPSS
Exploits1
Talos
Talos
added 2017/10/31 12:0 a.m.33 views

Circle with Disney Apid Use-Between-Reallocs Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivit...

5.8CVSS5.5AI score0.01144EPSS
Exploits2
Talos
Talos
added 2017/07/24 12:0 a.m.33 views

FreeRDP Rdp Client License Read Product Info Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...

6.5CVSS6.5AI score0.01569EPSS
Exploits1
Talos
Talos
added 2017/06/19 12:0 a.m.33 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test User Parameter Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...

8.8CVSS9AI score0.03439EPSS
Exploits1
Talos
Talos
added 2017/05/04 12:0 a.m.33 views

AntennaHouse DMC HTMLFilter Doc_SetSummary Code Execution Vulnerability

AntennaHouse DMC HTMLFilter DocSetSummary Code Execution Vulnerability Summary An exploitable heap corruption vulnerability exists in the DocSetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An...

8.8CVSS9.2AI score0.02124EPSS
Exploits2
Talos
Talos
added 2017/05/04 12:0 a.m.33 views

AntennaHouse DMC HTMLFilter DHFSummary Code Execution Vulnerability

Summary An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious doc file to trigger this vulnerability...

8.8CVSS9.2AI score0.01535EPSS
Exploits2
Talos
Talos
added 2017/02/21 12:0 a.m.33 views

Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...

7.5CVSS7.6AI score0.0292EPSS
Exploits2
Talos
Talos
added 2017/02/14 12:0 a.m.33 views

Apple GarageBand Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...

8.8CVSS8.6AI score0.01981EPSS
Exploits2
Talos
Talos
added 2016/08/04 12:0 a.m.33 views

Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0146 Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4291 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...

7.8CVSS0.2AI score0.02133EPSS
Exploits2
Talos
Talos
added 2016/07/19 12:0 a.m.33 views

Oracle OIT IX SDK libvs_pdf Kids List Information Leak

Talos Vulnerability Report TALOS-2016-0096 Oracle OIT IX SDK libvspdf Kids List Information Leak July 19, 2016 CVE Number CVE-2016-3574 DESCRIPTION When parsing a specially crafted PDF document, the parser is expecting a pointer where string is located leading to a read access violation with a...

9CVSS8.2AI score0.0385EPSS
Exploits1
Talos
Talos
added 2016/06/21 12:0 a.m.33 views

Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability

Talos Vulnerability Report TALOS-2016-0123 Pidgin MXIT mxitconvertmarkuptx Information Leak Vulnerability June 21, 2016 CVE Number CVE-2016-2380 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially...

4.3CVSS5.3AI score0.01764EPSS
Exploits1
Total number of security vulnerabilities2224