2224 matches found
GTKWave FST fstReaderIterBlocks2 fstWritex len heap-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1793 GTKWave FST fstReaderIterBlocks2 fstWritex len heap-based buffer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-36747,CVE-2023-36746 SUMMARY Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len...
JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities
Talos Vulnerability Report TALOS-2023-1825 JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities October 19, 2023 CVE Number CVE-2023-35126 SUMMARY An out-of-bounds write vulnerability exists within the parsers for both the...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 validate.so diag_ping_start command execution vulnerability
Talos Vulnerability Report TALOS-2023-1767 Yifan YF325 validate.so diagpingstart command execution vulnerability October 11, 2023 CVE Number CVE-2023-32632 SUMMARY A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially...
Accusoft ImageGear create_png_object heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1749 Accusoft ImageGear createpngobject heap-based buffer overflow vulnerability September 25, 2023 CVE Number CVE-2023-32614 SUMMARY A heap-based buffer overflow vulnerability exists in the createpngobject functionality of Accusoft ImageGear 20.1. A speciall...
Foxit Reader Field Calculate event use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1756 Foxit Reader Field Calculate event use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-27379 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting...
VMware DCERPC call request uninitialized memory heap overflow vulnerability
Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...
Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1724 Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability June 26, 2023 CVE Number CVE-2023-1531 SUMMARY A use-after-free vulnerability exists in the WebGL rx::Image11::disassociateStorage functionality of Google Chrome Stable...
Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1615 Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-38066 SUMMARY An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Foxit Reader getPageNthWordQuads mishandled exception vulnerability
Summary A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and...
Accusoft ImageGear JPG Handle_JPEG420 out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the JPG HandleJPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.9...
Accusoft ImageGear SGI Format Buffer Size Processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Webkit AudioSourceProviderGStreamer use-after-free vulnerability
Summary A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. Tested Versions Webkit WebKitGTK 2.30.1 Product URLs https://webkit.org/ CVSSv3 Score 8.8 -...
Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stac...
Circle with Disney Startup WiFi Channel Parsing Command Injection Vulnerability
Summary An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...
AntennaHouse DMC HTMLFilter Txo Code Execution Vulnerability
Summary An exploitable heap corruption vulnerability exists in the Txo functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigge...
Moxa AWK-3131A Web Application onekey Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Tested Versions Moxa...
Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System path Buffer Overflow Privilege Escalation Vulnerability
Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
BlueStacks App Player Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2016-0124 BlueStacks App Player Privilege Escalation Vulnerability August 4, 2016 CVE Number CVE-2016-4288 Description A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak...
IBM Domino KeyView PDF Filter Trailer ID Code Execution Vulnerability
SUMMARY A heap based buffer overflow vulnerability present in KeyView PDF filter as used by Domino can lead to remote arbitrary code execution. TESTED VERSIONS KeyView 10.16 as used by IBM Domino 9.0.1 PRODUCT URLs http://www-03.ibm.com/software/products/en/ibmdomino DETAILS While parsing an ID...
IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0090 IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-0278 Description An integer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible...
Libgraphite Context Item Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0059 Libgraphite Context Item Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1523 Description An exploitable heap-based buffer overflow exists in the context item handling functionality of Libgraphite. A specially crafted font can cause a...
Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0023 Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7090 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size and type of a dat...
Adobe Acrobat Reader Font hMetric Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2134 Adobe Acrobat Reader Font hMetric Out-Of-Bounds Read Vulnerability March 12, 2025 CVE Number CVE-2025-27163 SUMMARY An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2024.005.20320. A specially crafted font file...
Wavlink AC3000 nas.cgi add_dir() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2058 Wavlink AC3000 nas.cgi adddir command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39784,CVE-2024-39785 SUMMARY Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A...
LevelOne WBR-6012 Web Application improper resource allocation vulnerability
Talos Vulnerability Report TALOS-2024-1982 LevelOne WBR-6012 Web Application improper resource allocation vulnerability October 30, 2024 CVE Number CVE-2024-31152 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application,...
GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2069 GNOME Project G Structured File Library libgsf Compound Document Binary File Sector Allocation Table integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-42415 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary...
tddpd enable_test_mode command execution vulnerability
Talos Vulnerability Report TALOS-2023-1862 tddpd enabletestmode command execution vulnerability April 9, 2024 CVE Number CVE-2023-49133,CVE-2023-49134 SUMMARY A command execution vulnerability exists in the tddpd enabletestmode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point...
Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2023-1910 Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability February 15, 2024 CVE Number CVE-2024-20749 SUMMARY An out-of-bounds read vulnerability exists in the font file processing functionality of Adobe Acrobat Reader...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1856 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-42664 SUMMARY A post authentication command injection vulnerability exists when setting up the PPTP global configuratio...
GTKWave VCD parse_valuechange portdump out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2023-1804 GTKWave VCD parsevaluechange portdump out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-37416,CVE-2023-37419,CVE-2023-37420,CVE-2023-37418,CVE-2023-37417 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the VCD...
GTKWave LXT2 lxt2_rd_expand_integer_to_bits stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1827 GTKWave LXT2 lxt2rdexpandintegertobits stack-based buffer overflow vulnerability January 8, 2024 CVE Number CVE-2023-38583 SUMMARY A stack-based buffer overflow vulnerability exists in the LXT2 lxt2rdexpandintegertobits function of GTKWave 3.3.115. A...
Apple DCERPC array marshaling uninitialized memory disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1688 Apple DCERPC array marshaling uninitialized memory disclosure vulnerability July 13, 2023 CVE Number CVE-2023-27953 SUMMARY There exists a vulnerability in the array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can lead to use of...
Milesight UR32L ys_thirdparty check_system_user OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1711 Milesight UR32L ysthirdparty checksystemuser OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22365 SUMMARY An OS command injection vulnerability exists in the ysthirdparty checksystemuser functionality of Milesight UR32L v32.3.0.5. A...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1639 Siretta QUARTZ-GOLD m2m DELETEFILE cmd heap-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-41991 SUMMARY A heap-based buffer overflow vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD...
OpenImageIO TIFF tile pels decoding heap-based buffer overflow
Talos Vulnerability Report TALOS-2022-1633 OpenImageIO TIFF tile pels decoding heap-based buffer overflow December 22, 2022 CVE Number CVE-2022-41639 SUMMARY A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and...
WWBN AVideo session id privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1535 WWBN AVideo session id privilege escalation vulnerability August 16, 2022 CVE Number CVE-2022-30605 SUMMARY A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafte...
Adobe Acrobat Reader DC event value use-after-free
Summary A use-after-free vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20117 deals with event objects across different event types. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...
Reolink RLC-410W netserver recv_command denial of service vulnerability
Summary A denial of service vulnerability exists in the netserver recvcommand functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Reolink RLC-410W...
Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability
Summary An integer overflow vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious fi...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'group_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
xcftools flattenIncrementally rows allocation code execution vulnerability
Summary An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row’s allocation size, that could be exploited to corrupt memory and eventually execute...
Clean My Mac X enableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
Samsung SmartThings Hub video-core credentials Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...
libxls xls_addCell MulBlank Code Execution Vulnerability
Summary An exploitable Out-of-bounds Write vulnerability exists in the xlsaddCell function of libxls 1.4. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Tested Versions libxls 1....
Circle with Disney Apid Server Fork Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker...
PowerIso Parsing Code Execution Vulnerability
Summary An stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. Tested...
Ichitaro Word Processor PersistDirectory Code Execution Vulnerability
Summary Ichitaro Office contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function’s result, the application will use this result in a pointer calculation for reading file data into. Due t...
Oracle OIT IX SDK libvs_pdf Tj Operator Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0098 Oracle OIT IX SDK libvspdf Tj Operator Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3576 DESCRIPTION When parsing a specialy crafted PDF document, a NULL pointer dereference leading to a process termination. A pointer value from a...