2224 matches found
Oracle OIT ContentAccess libvs_mwkd VwStreamSection Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0159 Oracle OIT ContentAccess libvsmwkd VwStreamSection Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3593 Description A partially controlled memory corruption vulnerability exists in Mac Works Database file format parsing code of Oracle...
Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities
Talos Vulnerability Report TALOS-2016-0037 Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities January 28, 2016 CVE Number CVE-2016-1515 Description A use after free/double free vulnerability can occur in libmatroska while parsing Track elements of the MKV...
GoCast name parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1960 GoCast name parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-28892 SUMMARY An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary comman...
GoCast HTTP API lack of authentication vulnerability
Talos Vulnerability Report TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability November 21, 2024 CVE Number CVE-2024-21855 SUMMARY A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary...
Microsoft Teams (work or school) for macOS WebView.app helper app library injection vulnerability
Talos Vulnerability Report TALOS-2024-1990 Microsoft Teams work or school for macOS WebView.app helper app library injection vulnerability August 19, 2024 CVE Number CVE-2024-41145 SUMMARY A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams work or school...
Ankitects Anki Flask Invalid Path Reflected Cross-Site Scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2024-1995 Ankitects Anki Flask Invalid Path Reflected Cross-Site Scripting XSS vulnerability July 22, 2024 CVE Number CVE-2024-32484 SUMMARY An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A...
libigl readNODE out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1930 libigl readNODE out-of-bounds write vulnerability May 28, 2024 CVE Number CVE-2024-22181 SUMMARY An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write...
Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1946 Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability May 15, 2024 CVE Number CVE-2024-30311 SUMMARY An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2023.008.20470.A specially...
Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...
llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1915 llama.cpp GGUF library header.ntensors heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21836 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit...
The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1921 The Biosig Project libbiosig sopenFAMOSread integer overflow to out-of-bounds write vulnerability February 20, 2024 CVE Number CVE-2024-21812 SUMMARY An integer overflow vulnerability exists in the sopenFAMOSread functionality of The Biosig Project...
WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability
Talos Vulnerability Report TALOS-2023-1898 WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability January 10, 2024 CVE Number CVE-2023-49810 SUMMARY A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master...
GTKWave VCD var definition section out-of-bounds read vulnerabilities
Talos Vulnerability Report TALOS-2023-1805 GTKWave VCD var definition section out-of-bounds read vulnerabilities January 8, 2024 CVE Number CVE-2023-37447,CVE-2023-37446,CVE-2023-37445,CVE-2023-37444,CVE-2023-37442,CVE-2023-37443 SUMMARY Multiple out-of-bounds read vulnerabilities exist in the VC...
Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1733 Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability November 14, 2023 CVE Number CVE-2023-27882 SUMMARY A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston...
Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1775 Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability September 5, 2023 CVE Number CVE-2023-35124 SUMMARY An information disclosure vulnerability exists in the OAS Engine configuration management...
Open Babel MSI format atom uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1669 Open Babel MSI format atom uninitialized pointer dereference vulnerability July 21, 2023 CVE Number CVE-2022-44451 SUMMARY A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit...
Open Babel CSR format title out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1667 Open Babel CSR format title out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-41793 SUMMARY An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially...
Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1724 Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability June 26, 2023 CVE Number CVE-2023-1531 SUMMARY A use-after-free vulnerability exists in the WebGL rx::Image11::disassociateStorage functionality of Google Chrome Stable...
WellinTech KingHistorian User authentication information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1683 WellinTech KingHistorian User authentication information disclosure vulnerability March 20, 2023 CVE Number CVE-2022-45124 SUMMARY An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1637 Siretta QUARTZ-GOLD m2m DELETEFILE cmd directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-41154 SUMMARY A directory traversal vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1615 Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-38066 SUMMARY An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Qt Project Qt QML QtScript Reflect API integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1617 Qt Project Qt QML QtScript Reflect API integer overflow vulnerability January 12, 2023 CVE Number CVE-2022-40983 SUMMARY An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code...
OpenStack oslo.privsep privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1599 OpenStack oslo.privsep privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38065 SUMMARY A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive...
HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1487 HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability August 16, 2022 CVE Number CVE-2022-26061 SUMMARY A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file...
Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability
Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...
Accusoft ImageGear XWD parser::xwdread_pixmapformat_0_or_1 heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10 Product URLs...
Foxit Reader getPageNthWordQuads mishandled exception vulnerability
Summary A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and...
phpGACL return_page redirection open redirect vulnerability
Summary An open redirect vulnerability exists in the returnpage redirection functionality of phpGACL 3.3.7. A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions OpenEMR 5.0.2 OpenEMR developme...
Accusoft ImageGear DICOM parse_dicom_meta_info code execution vulnerability
Talos Vulnerability Report TALOS-2020-1096 Accusoft ImageGear DICOM parsedicommetainfo code execution vulnerability September 1, 2020 CVE Number CVE-2020-6152 SUMMARY A code execution vulnerability exists in the DICOM parsedicommetainfo functionality of Accusoft ImageGear 19.7. A specially crafte...
Microsoft Office Excel PivotField code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel application of Microsoft Office Professional Plus 2016 x86, version 2002, build 12527.20242 and Microsoft Office 365 ProPlus x86, version 1908, build 11929.20606. A specially crafted XLS file can cause a use after free condition,...
Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause be used to delete critical system data resulting in a denial of service. An attacker...
Prusa Research PrusaSlicer _3MF_Importer::_handle_end_model() use-after-free vulnerability
Summary A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability
Talos Vulnerability Report TALOS-2019-0811 Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability August 19, 2019 CVE Number CVE-2019-5044 Summary An exploitable certificate authentication vulnerability exists in the Weave CASE Pairing function of the Nest...
CleanMyMac X removeKextAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...
Clean My Mac X removeASL Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a...
Iceni Infix PDF parsing SetSize Code Execution Vulnerability
Summary An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. Tested Versions...
InsideSecure MatrixSSL x509 certificate SubjectDomainPolicy Remote Code Execution Vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a...
AntennaHouse DMC HTMLFilter AddSst Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the AddSst functionality of AntennaHouse DMC HTMLFilter as used by MarkLogioc 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious XLS file to...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
Iceni Argus ipfSetColourStroke Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code exection. An attacker can provide a malicious pdf file to trigger this vulnerability...
Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0137 Pidgin MXIT CPSOCKRECTERM Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2369 DESCRIPTION An NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0032 Ruby Psych::Emitter startdocument Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument...
Observium vlan html code injection vulnerability
Talos Vulnerability Report TALOS-2024-2091 Observium vlan html code injection vulnerability January 15, 2025 CVE Number CVE-2024-47002 SUMMARY A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitra...
Wavlink AC3000 adm.cgi set_TR069() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2029 Wavlink AC3000 adm.cgi setTR069 buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-37357 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2064 Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49532 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2005 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability September 18, 2024 CVE Number CVE-2024-34026 SUMMARY A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities
Talos Vulnerability Report TALOS-2024-2016 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities September 18, 2024 CVE Number CVE-2024-39590,CVE-2024-39589 SUMMARY Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime...
Microsoft CLIPSP.SYS License update out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1965 Microsoft CLIPSP.SYS License update out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38185 SUMMARY Multiple out-of-bounds read vulnerabilities exists in the License update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621,...
Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability April 25, 2024 CVE Number CVE-2024-25569 SUMMARY An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A...