2224 matches found
Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/uploadconfig.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart...
Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...
llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1915 llama.cpp GGUF library header.ntensors heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21836 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit...
WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability
Talos Vulnerability Report TALOS-2023-1898 WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability January 10, 2024 CVE Number CVE-2023-49810 SUMMARY A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master...
GTKWave LXT2 lxt2_rd_iter_radix shift operation integer underflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1824 GTKWave LXT2 lxt2rditerradix shift operation integer underflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39413,CVE-2023-39414 SUMMARY Multiple integer underflow vulnerabilities exist in the LXT2 lxt2rditerradix shift operation functionality of...
GTKWave VCD var definition section out-of-bounds read vulnerabilities
Talos Vulnerability Report TALOS-2023-1805 GTKWave VCD var definition section out-of-bounds read vulnerabilities January 8, 2024 CVE Number CVE-2023-37447,CVE-2023-37446,CVE-2023-37445,CVE-2023-37444,CVE-2023-37442,CVE-2023-37443 SUMMARY Multiple out-of-bounds read vulnerabilities exist in the VC...
Foxit Reader 3D Annot use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1837 Foxit Reader 3D Annot use-after-free vulnerability November 27, 2023 CVE Number CVE-2023-32616 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicio...
Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1733 Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability November 14, 2023 CVE Number CVE-2023-27882 SUMMARY A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston...
Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1775 Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability September 5, 2023 CVE Number CVE-2023-35124 SUMMARY An information disclosure vulnerability exists in the OAS Engine configuration management...
Open Babel CSR format title out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1667 Open Babel CSR format title out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-41793 SUMMARY An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially...
Open Babel MSI format atom uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1669 Open Babel MSI format atom uninitialized pointer dereference vulnerability July 21, 2023 CVE Number CVE-2022-44451 SUMMARY A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit...
WellinTech KingHistorian User authentication information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1683 WellinTech KingHistorian User authentication information disclosure vulnerability March 20, 2023 CVE Number CVE-2022-45124 SUMMARY An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1637 Siretta QUARTZ-GOLD m2m DELETEFILE cmd directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-41154 SUMMARY A directory traversal vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
Qt Project Qt QML QtScript Reflect API integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1617 Qt Project Qt QML QtScript Reflect API integer overflow vulnerability January 12, 2023 CVE Number CVE-2022-40983 SUMMARY An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code...
OpenStack oslo.privsep privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1599 OpenStack oslo.privsep privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38065 SUMMARY A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive...
HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1487 HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability August 16, 2022 CVE Number CVE-2022-26061 SUMMARY A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file...
Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability
Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...
InHand Networks InRouter302 router configuration import privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...
Accusoft ImageGear XWD parser::xwdread_pixmapformat_0_or_1 heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10 Product URLs...
LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability
Summary A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions 3MF Consortium...
phpGACL return_page redirection open redirect vulnerability
Summary An open redirect vulnerability exists in the returnpage redirection functionality of phpGACL 3.3.7. A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions OpenEMR 5.0.2 OpenEMR developme...
Microsoft Office Excel PivotField code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel application of Microsoft Office Professional Plus 2016 x86, version 2002, build 12527.20242 and Microsoft Office 365 ProPlus x86, version 1908, build 11929.20606. A specially crafted XLS file can cause a use after free condition,...
Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker...
Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability
Talos Vulnerability Report TALOS-2019-0811 Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability August 19, 2019 CVE Number CVE-2019-5044 Summary An exploitable certificate authentication vulnerability exists in the Weave CASE Pairing function of the Nest...
Clean My Mac X removeASL Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a...
CleanMyMac X removeKextAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...
Iceni Infix PDF parsing SetSize Code Execution Vulnerability
Summary An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. Tested Versions...
InsideSecure MatrixSSL x509 certificate SubjectDomainPolicy Remote Code Execution Vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...
AntennaHouse DMC HTMLFilter AddSst Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the AddSst functionality of AntennaHouse DMC HTMLFilter as used by MarkLogioc 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious XLS file to...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
Iceni Argus ipfSetColourStroke Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code exection. An attacker can provide a malicious pdf file to trigger this vulnerability...
Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0137 Pidgin MXIT CPSOCKRECTERM Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2369 DESCRIPTION An NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0032 Ruby Psych::Emitter startdocument Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument...
Observium vlan html code injection vulnerability
Talos Vulnerability Report TALOS-2024-2091 Observium vlan html code injection vulnerability January 15, 2025 CVE Number CVE-2024-47002 SUMMARY A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitra...
Wavlink AC3000 adm.cgi set_TR069() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2029 Wavlink AC3000 adm.cgi setTR069 buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-37357 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2064 Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49532 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities
Talos Vulnerability Report TALOS-2024-2016 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities September 18, 2024 CVE Number CVE-2024-39590,CVE-2024-39589 SUMMARY Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2005 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability September 18, 2024 CVE Number CVE-2024-34026 SUMMARY A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality...
Microsoft CLIPSP.SYS License update out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1965 Microsoft CLIPSP.SYS License update out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38185 SUMMARY Multiple out-of-bounds read vulnerabilities exists in the License update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621,...
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...
NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2023-1849 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability February 29, 2024 CVE Number CVE-2024-0071 SUMMARY An out-of-bounds read vulnerability exists in the Shader functionality of NVIDIA D3D10 Driver, Version 546.01, 31.0.15.4601. A...
The Biosig Project libbiosig BrainVision Header Parsing double-free vulnerability
Talos Vulnerability Report TALOS-2024-1917 The Biosig Project libbiosig BrainVision Header Parsing double-free vulnerability February 20, 2024 CVE Number CVE-2024-22097 SUMMARY A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Maste...
The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1921 The Biosig Project libbiosig sopenFAMOSread integer overflow to out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-21812 SUMMARY An integer overflow vulnerability exists in the sopenFAMOSread functionality of The Biosig Project...
GTKWave FST fstReaderIterBlocks2 fstWritex len heap-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1793 GTKWave FST fstReaderIterBlocks2 fstWritex len heap-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-36747,CVE-2023-36746 SUMMARY Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len...
GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1790 GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35992 SUMMARY An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115,...
JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities
Talos Vulnerability Report TALOS-2023-1825 JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities October 19, 2023 CVE Number CVE-2023-35126 SUMMARY An out-of-bounds write vulnerability exists within the parsers for both the...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...