2224 matches found
Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0143 Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2375 DESCRIPTION An exploitable out-of-bounds ready exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent fr...
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0140 Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2372 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...
Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0203 Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability November 6, 2014 CVE Number CVE-2014-3695 Description An exploitable denial of service vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple library. ...
LevelOne WBR-6012 Web Application buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1997 LevelOne WBR-6012 Web Application buffer overflow vulnerability October 30, 2024 CVE Number CVE-2024-28052 SUMMARY The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while...
LevelOne WBR-6012 Web Application weak authentication vulnerability
Talos Vulnerability Report TALOS-2024-1984 LevelOne WBR-6012 Web Application weak authentication vulnerability October 30, 2024 CVE Number CVE-2024-33699 SUMMARY The LevelOne WBR-6012 router’s web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the...
Apple macOS ramrod arbitrary argv[0] execution vulnerability
Talos Vulnerability Report TALOS-2024-2010 Apple macOS ramrod arbitrary argv0 execution vulnerability July 30, 2024 CVE Number CVE-2024-40800 SUMMARY An arbitrary argv0 execution vulnerability exists in the ramrod binary of Apple macOS version 14.5 23F79 x8664. An attacker can inject an arbitrary...
Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1895 Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities July 8, 2024 CVE Number CVE-2023-50243,CVE-2023-50244 SUMMARY Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2023-1872 Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery CSRF vulnerability July 8, 2024 CVE Number CVE-2023-47677 SUMMARY A cross-site request forgery csrf vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x...
Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities
Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress Softwa...
Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/uploadconfig.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability
Talos Vulnerability Report TALOS-2023-1847 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21979 SUMMARY An arbitrary write vulnerability exists in the Shader Functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...
WWBN AVideo functiongetOpenGraph videoName cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2023-1883 WWBN AVideo functiongetOpenGraph videoName cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-48728 SUMMARY A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 a...
WWBN AVideo channelBody.php user name cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2023-1884 WWBN AVideo channelBody.php user name cross-site scripting XSS vulnerability January 10, 2024 CVE Number CVE-2023-47861 SUMMARY A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev...
GTKWave LXT2 lxt2_rd_iter_radix shift operation integer underflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1824 GTKWave LXT2 lxt2rditerradix shift operation integer underflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39413,CVE-2023-39414 SUMMARY Multiple integer underflow vulnerabilities exist in the LXT2 lxt2rditerradix shift operation functionality of...
GTKWave FST fstReaderIterBlocks2 temp_signal_value_buf allocation integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1797 GTKWave FST fstReaderIterBlocks2 tempsignalvaluebuf allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-36864 SUMMARY An integer overflow vulnerability exists in the fstReaderIterBlocks2 tempsignalvaluebuf allocation functionali...
GTKWave VCD get_vartoken realloc use-after-free vulnerabilities
Talos Vulnerability Report TALOS-2023-1806 GTKWave VCD getvartoken realloc use-after-free vulnerabilities January 8, 2024 CVE Number CVE-2023-37576,CVE-2023-37577,CVE-2023-37573,CVE-2023-37578,CVE-2023-37575,CVE-2023-37574 SUMMARY Multiple use-after-free vulnerabilities exist in the VCD getvartok...
Foxit Reader 3D Annot use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1837 Foxit Reader 3D Annot use-after-free vulnerability November 27, 2023 CVE Number CVE-2023-32616 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicio...
Weston Embedded uC-HTTP HTTP Server form boundary memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1738 Weston Embedded uC-HTTP HTTP Server form boundary memory corruption vulnerability November 14, 2023 CVE Number CVE-2023-28379 SUMMARY A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP...
Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1765 Yifan YF325 httpd dowds stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-31272 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted...
Milesight MilesightVPN server.js start directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1702 Milesight MilesightVPN server.js start directory traversal vulnerability July 6, 2023 CVE Number CVE-2023-23907 SUMMARY A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network...
EIP Stack Group OpENer Forward Open connection_management_entry use of uninitialized pointer vulnerability
Talos Vulnerability Report TALOS-2022-1663 EIP Stack Group OpENer Forward Open connectionmanagemententry use of uninitialized pointer vulnerability February 23, 2023 CVE Number CVE-2022-43606 SUMMARY A use-of-uninitialized-pointer vulnerability exists in the Forward Open connectionmanagemententry...
OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1655 OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability December 22, 2022 CVE Number CVE-2022-43598,CVE-2022-43597 SUMMARY Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionali...
OpenImageIO Project OpenImageIO DPXOutput::close() information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1651 OpenImageIO Project OpenImageIO DPXOutput::close information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-43592 SUMMARY An information disclosure vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project...
Microsoft Office class attribute double-free vulnerability
Talos Vulnerability Report TALOS-2022-1591 Microsoft Office class attribute double-free vulnerability November 15, 2022 CVE Number CVE-2022-41106 SUMMARY A double-free vulnerability exists in the class attribute functionality of Microsoft Office Excel 2019 x86 - version 2207 build 15427.20210 and...
Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability
Talos Vulnerability Report TALOS-2022-1574 Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability October 4, 2022 CVE Number CVE-2022-33896 SUMMARY A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A...
WWBN AVideo aVideoEncoderReceiveImage information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1549 WWBN AVideo aVideoEncoderReceiveImage information disclosure vulnerability August 16, 2022 CVE Number CVE-2022-32761 SUMMARY An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master...
WWBN AVideo charts tab selection cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1537 WWBN AVideo charts tab selection cross-site scripting XSS vulnerability August 16, 2022 CVE Number CVE-2022-26842 SUMMARY A reflected cross-site scripting xss vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev mast...
Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability
Summary A type confusion vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20085 deals with overlapping annotations. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to trigger thi...
InHand Networks InRouter302 router configuration import privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...
Gerbv RS-274X aperture definition tokenization use-after-free vulnerability
Summary A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit b5f1eacd and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this...
Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...
LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...
3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability
Summary A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions 3MF Consortium...
AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2020-1102 AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability October 13, 2020 CVE Number CVE-2020-12933 SUMMARY A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially...
Mozilla Firefox URL mPath Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64. A specially crafted URL object can cause an out-of-bounds read. An attacker can visit a webpage to trigger this...
F2fs-tools fsck.f2fs sanity_check_area_boundary code execution vulnerability
Summary An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...
Blender Sequencer imb_bmp_decode Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .bmp file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
Blender Sequencer imb_loadpng Integer Overflow Code Execution Vulnerability
Summary An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .png file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...
CPP-Ethereum libevm pow2N Code Execution Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in libevm Ethereum Virtual Machine of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can...
Circle with Disney Configuration Restore Photos File Overwrite Vulnerability
Summary An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circ...
AntennaHouse DMC HTMLFilter Doc_GetFontTable Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the DocGetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability
Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...
Iceni Argus PDF Inflate+LZW Decompression Heap-Based Buffer Overflow Vulnerability
Summary An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to...
Joyent SmartOS Hyprlofs FS IOCTL Native File System name Buffer Overflow Privilege Escalation Vulnerability
Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Joyent SmartOS Hyprlofs FS IOCTL Native File System path Buffer Overflow Privilege Escalation Vulnerability
Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0149 Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4294 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office...
Oracle OIT IX SDK libvs_pdf Size Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0097 Oracle OIT IX SDK libvspdf Size Integer Overflow Vulnerability July 19, 2016 CVE Number CVE-2016-3575 DESCRIPTION An integer overflow leading to two distinct issues can be triggered by a specially crafted PDF file. TESTED VERSIONS Oracle Outside In IX sd...