2224 matches found
Openscad import_stl.cc:import_stl() out-of-bounds stack write vulnerability
Summary An out-of-bounds write vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...
Clean My Mac X enableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
Samsung SmartThings Hub video-core credentials Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...
libxls xls_addCell MulBlank Code Execution Vulnerability
Summary An exploitable Out-of-bounds Write vulnerability exists in the xlsaddCell function of libxls 1.4. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Tested Versions libxls 1....
Circle with Disney Apid Server Fork Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker...
PowerIso Parsing Code Execution Vulnerability
Summary An stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. Tested...
Oracle OIT IX SDK libvs_pdf Tj Operator Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0098 Oracle OIT IX SDK libvspdf Tj Operator Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3576 DESCRIPTION When parsing a specialy crafted PDF document, a NULL pointer dereference leading to a process termination. A pointer value from a...
Pidgin MXIT Markup Command Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0133 Pidgin MXIT Markup Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2365 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Network Time Protocol ntpq Buffer Overflow Vulnerability
CERT VU357792 Summary ntpq contains a buffer overflow. nextvar executes a memcpy into the name buffer without a proper length check against its maximum length of 256 bytes. Tested Versions ntp 4.2.8p3 NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Product URLs http://www.ntp.orghttp://www.ntp.or...
Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report VRT-2014-0204 Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities November 6, 2014 CVE Number CVE-2014-3696 Description Several exploitable denial of service vulnerabilities exist in Pidgin’s implementation of the Novell protocol in the libpurple...
Adobe Acrobat Reader Font VariationStore itemVariationDataCount Uninitialized Pointer Vulnerability
Talos Vulnerability Report TALOS-2025-2135 Adobe Acrobat Reader Font VariationStore itemVariationDataCount Uninitialized Pointer Vulnerability March 12, 2025 CVE Number CVE-2025-27158 SUMMARY A memory corruption vulnerability exists due to the use of an uninitialized pointer in the Font...
Wavlink AC3000 openvpn.cgi openvpn_server_setup() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2050 Wavlink AC3000 openvpn.cgi openvpnserversetup Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39798,CVE-2024-39800,CVE-2024-39799 SUMMARY Multiple external config control vulnerabilities exists in the openvpn.cgi...
Ankitects Anki Latex Incomplete Blocklist Vulnerability
Talos Vulnerability Report TALOS-2024-1992 Ankitects Anki Latex Incomplete Blocklist Vulnerability July 22, 2024 CVE Number CVE-2024-29073 SUMMARY An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package,...
Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1875 Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49073 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.1...
The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability
Talos Vulnerability Report TALOS-2024-1918 The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability February 20, 2024 CVE Number CVE-2024-23305 SUMMARY An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project...
Adobe Acrobat Reader Font CPAL integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1906 Adobe Acrobat Reader Font CPAL integer overflow vulnerability February 15, 2024 CVE Number CVE-2024-20730 SUMMARY An integer overflow vulnerability exists in the font file processing functionality of Adobe Acrobat Reader 2023.006.20380. A specially craft...
WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability
Talos Vulnerability Report TALOS-2023-1885 WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability January 10, 2024 CVE Number CVE-2023-49715 SUMMARY A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVide...
WWBN AVideo salt generation insufficient entropy vulnerability
Talos Vulnerability Report TALOS-2023-1900 WWBN AVideo salt generation insufficient entropy vulnerability January 10, 2024 CVE Number CVE-2023-49599 SUMMARY An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially...
GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1818 GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39273,CVE-2023-39271,CVE-2023-39274,CVE-2023-39275,CVE-2023-39272,CVE-2023-39270 SUMMARY Multiple integer overflow vulnerabilities exist in the LXT2...
Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1802 Accusoft ImageGear dcmpixeldatadecode out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32653 SUMMARY An out-of-bounds write vulnerability exists in the dcmpixeldatadecode functionality of Accusoft ImageGear 20.1. A specially craft...
Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability
Talos Vulnerability Report TALOS-2023-1747 Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability July 17, 2023 CVE Number CVE-2023-36887 SUMMARY A memory corruption vulnerability exists in the Javascript implementation of the Acrobat-based PDF engine in Microsoft Edge 112.0.1722....
Apple DCERPC alter context response use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1678 Apple DCERPC alter context response use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-28180 SUMMARY A use-after-free vulnerability exists in the state machine of DCERPC library as used in Apple macOS 12.6.1 that can lead to a use-after-free...
Foxit Reader annotation destroy use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1601 Foxit Reader annotation destroy use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-38097 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely destroyin...
WWBN AVideo password hash improper authentication vulnerability
Talos Vulnerability Report TALOS-2022-1545 WWBN AVideo password hash improper authentication vulnerability August 16, 2022 CVE Number CVE-2022-32282 SUMMARY An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a...
Open Automation Software Platform Engine SecureAddUser External config control vulnerability
Summary An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests t...
KiCad EDA Gerber Viewer gerber and excellon GCode/Dcode parsing stack-based buffer overflow vulnerability
Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon GCode/Dcode parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...
Slic3r libslic3r Obj File TriangleMesh::TriangleMesh() out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this...
VMware Workstation 15 shader functionality round_ni denial of service vulnerability
Summary An exploitable denial of service vulnerability exists in VMware Workstation 15.5.0 build-14665864. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered fro...
CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmymac...
Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on...
Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities
Summary Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability. Tested Version...
Pidgin MXIT get_utf8_string Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0120 Pidgin MXIT getutf8string Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2378 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially...
Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2093 Foxit Reader Checkbox Calculate CBFWidget Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-49576 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially craft...
Veertu Anka Build registry archive files directory traversal vulnerability
Talos Vulnerability Report TALOS-2024-2059 Veertu Anka Build registry archive files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41163 SUMMARY A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2004 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability September 18, 2024 CVE Number CVE-2024-36981,CVE-2024-36980 SUMMARY An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionalit...
Microsoft OneNote for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1975 Microsoft OneNote for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41159 SUMMARY A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...
Peplink Smart Reader web interface mac2name OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1867 Peplink Smart Reader web interface mac2name OS command injection vulnerability April 17, 2024 CVE Number CVE-2023-39367 SUMMARY An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEM...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1864 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 web interface memory corruption vulnerability April 9, 2024 CVE Number CVE-2023-48724 SUMMARY A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1850 TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-43482 SUMMARY A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VP...
GTKWave VZT vzt_rd_process_block autosort out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2023-1817 GTKWave VZT vztrdprocessblock autosort out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-39235,CVE-2023-39234 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdprocessblock autosort functionality of GTKWave...
GTKWave VZT vzt_rd_block_vch_decode dict parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1815 GTKWave VZT vztrdblockvchdecode dict parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38653,CVE-2023-38652 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of...
GTKWave LXT2 num_dict_entries integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1820 GTKWave LXT2 numdictentries integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39316,CVE-2023-39317 SUMMARY Multiple integer overflow vulnerabilities exist in the LXT2 numdictentries functionality of GTKWave 3.3.115. A specially crafted...
Foxit Reader Javascript saveAs arbitrary file creation vulnerability
Talos Vulnerability Report TALOS-2023-1832 Foxit Reader Javascript saveAs arbitrary file creation vulnerability November 27, 2023 CVE Number CVE-2023-39542 SUMMARY A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file c...
Open Babel PQS format pFormat uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1670 Open Babel PQS format pFormat uninitialized pointer dereference vulnerability July 21, 2023 CVE Number CVE-2022-46280 SUMMARY A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commi...
Foxit Reader Javascript annotation destruction use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1796 Foxit Reader Javascript annotation destruction use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-33876 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted...
Apple DCERPC presentation result list out of bounds memory access
Talos Vulnerability Report TALOS-2022-1659 Apple DCERPC presentation result list out of bounds memory access July 13, 2023 CVE Number CVE-2023-23539 SUMMARY An out of bounds memory access vulnerability exists in the processing of packets containing presentation result lists in DCERPC library as...
3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP use-after-free vulnerability March 10, 2021 CVE Number CVE-2021-21772 SUMMARY A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf...
AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability
Talos Vulnerability Report TALOS-2020-1119 AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability October 7, 2020 CVE Number CVE-2020-12911 SUMMARY A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS...
Siemens LOGO! TDE service "DELETEPROG" Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in a denial of service. An attacker can send an...
Slic3r libslic3r AMF File AMFParserContext::endElement() out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this...