2224 matches found
Network Time Protocol ntpq Buffer Overflow Vulnerability
CERT VU357792 Summary ntpq contains a buffer overflow. nextvar executes a memcpy into the name buffer without a proper length check against its maximum length of 256 bytes. Tested Versions ntp 4.2.8p3 NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Product URLs http://www.ntp.orghttp://www.ntp.or...
Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report VRT-2014-0204 Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities November 6, 2014 CVE Number CVE-2014-3696 Description Several exploitable denial of service vulnerabilities exist in Pidgin’s implementation of the Novell protocol in the libpurple...
Adobe Acrobat Reader Font VariationStore itemVariationDataCount Uninitialized Pointer Vulnerability
Talos Vulnerability Report TALOS-2025-2135 Adobe Acrobat Reader Font VariationStore itemVariationDataCount Uninitialized Pointer Vulnerability March 12, 2025 CVE Number CVE-2025-27158 SUMMARY A memory corruption vulnerability exists due to the use of an uninitialized pointer in the Font...
Wavlink AC3000 openvpn.cgi openvpn_server_setup() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2050 Wavlink AC3000 openvpn.cgi openvpnserversetup Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39798,CVE-2024-39800,CVE-2024-39799 SUMMARY Multiple external config control vulnerabilities exists in the openvpn.cgi...
Ankitects Anki Latex Incomplete Blocklist Vulnerability
Talos Vulnerability Report TALOS-2024-1992 Ankitects Anki Latex Incomplete Blocklist Vulnerability July 22, 2024 CVE Number CVE-2024-29073 SUMMARY An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package,...
Foxit Reader Lock object fields property type confusion vulnerability
Talos Vulnerability Report TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability April 30, 2024 CVE Number CVE-2024-25575 SUMMARY A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted...
The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability
Talos Vulnerability Report TALOS-2024-1918 The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability February 20, 2024 CVE Number CVE-2024-23305 SUMMARY An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project...
Adobe Acrobat Reader Font CPAL integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1906 Adobe Acrobat Reader Font CPAL integer overflow vulnerability February 15, 2024 CVE Number CVE-2024-20730 SUMMARY An integer overflow vulnerability exists in the font file processing functionality of Adobe Acrobat Reader 2023.006.20380. A specially craft...
WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability
Talos Vulnerability Report TALOS-2023-1885 WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability January 10, 2024 CVE Number CVE-2023-49715 SUMMARY A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVide...
GTKWave LXT2 lxt2_rd_get_facname decompression out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2023-1826 GTKWave LXT2 lxt2rdgetfacname decompression out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-39443,CVE-2023-39444 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A...
GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1818 GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-39273,CVE-2023-39271,CVE-2023-39274,CVE-2023-39275,CVE-2023-39272,CVE-2023-39270 SUMMARY Multiple integer overflow vulnerabilities exist in the LXT2...
JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1758 JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability October 19, 2023 CVE Number CVE-2023-34366 SUMMARY A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially...
SoftEther VPN CiRpcServerThread() MitM authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1755 SoftEther VPN CiRpcServerThread MitM authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-32634 SUMMARY An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta...
Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1802 Accusoft ImageGear dcmpixeldatadecode out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32653 SUMMARY An out-of-bounds write vulnerability exists in the dcmpixeldatadecode functionality of Accusoft ImageGear 20.1. A specially craft...
Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability
Talos Vulnerability Report TALOS-2023-1747 Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability July 17, 2023 CVE Number CVE-2023-36887 SUMMARY A memory corruption vulnerability exists in the Javascript implementation of the Acrobat-based PDF engine in Microsoft Edge 112.0.1722....
Apple DCERPC association groups use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1717 Apple DCERPC association groups use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-32387 SUMMARY A use-after-free vulnerability exists in the library supporting DCERPC functionality in Apple macOS 13.1. A series of specially crafted network...
Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1621 Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability February 2, 2023 CVE Number CVE-2022-40691 SUMMARY An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008...
Foxit Reader annotation destroy use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1601 Foxit Reader annotation destroy use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-38097 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely destroyin...
WWBN AVideo password hash improper authentication vulnerability
Talos Vulnerability Report TALOS-2022-1545 WWBN AVideo password hash improper authentication vulnerability August 16, 2022 CVE Number CVE-2022-32282 SUMMARY An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a...
Openscad import_stl.cc:import_stl() out-of-bounds stack write vulnerability
Summary An out-of-bounds write vulnerability exists in the importstl.cc:importstl functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Openscad...
VMware Workstation 15 shader functionality round_ni denial of service vulnerability
Summary An exploitable denial of service vulnerability exists in VMware Workstation 15.5.0 build-14665864. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered fro...
CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmymac...
Samsung SmartThings Hub video-core credentials Code Execution Vulnerability
Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...
Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on...
Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities
Summary Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability. Tested Version...
Pidgin MXIT get_utf8_string Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0120 Pidgin MXIT getutf8string Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2378 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially...
Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2093 Foxit Reader Checkbox Calculate CBFWidget Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-49576 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially craft...
Veertu Anka Build registry archive files directory traversal vulnerability
Talos Vulnerability Report TALOS-2024-2059 Veertu Anka Build registry archive files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41163 SUMMARY A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2004 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability September 18, 2024 CVE Number CVE-2024-36981,CVE-2024-36980 SUMMARY An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionalit...
Microsoft OneNote for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1975 Microsoft OneNote for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41159 SUMMARY A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...
Peplink Smart Reader web interface mac2name OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1867 Peplink Smart Reader web interface mac2name OS command injection vulnerability April 17, 2024 CVE Number CVE-2023-39367 SUMMARY An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEM...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface memory corruption vulnerability
Talos Vulnerability Report TALOS-2023-1864 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 web interface memory corruption vulnerability April 9, 2024 CVE Number CVE-2023-48724 SUMMARY A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350...
WWBN AVideo salt generation insufficient entropy vulnerability
Talos Vulnerability Report TALOS-2023-1900 WWBN AVideo salt generation insufficient entropy vulnerability January 10, 2024 CVE Number CVE-2023-49599 SUMMARY An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially...
GTKWave VZT vzt_rd_process_block autosort out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2023-1817 GTKWave VZT vztrdprocessblock autosort out-of-bounds write vulnerabilities January 8, 2024 CVE Number CVE-2023-39235,CVE-2023-39234 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the VZT vztrdprocessblock autosort functionality of GTKWave...
GTKWave VZT vzt_rd_block_vch_decode dict parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1815 GTKWave VZT vztrdblockvchdecode dict parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38653,CVE-2023-38652 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of...
Foxit Reader Javascript saveAs arbitrary file creation vulnerability
Talos Vulnerability Report TALOS-2023-1832 Foxit Reader Javascript saveAs arbitrary file creation vulnerability November 27, 2023 CVE Number CVE-2023-39542 SUMMARY A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file c...
Open Babel PQS format pFormat uninitialized pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1670 Open Babel PQS format pFormat uninitialized pointer dereference vulnerability July 21, 2023 CVE Number CVE-2022-46280 SUMMARY A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commi...
Foxit Reader Javascript annotation destruction use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1796 Foxit Reader Javascript annotation destruction use-after-free vulnerability July 19, 2023 CVE Number CVE-2023-33876 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted...
Apple DCERPC alter context response use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1678 Apple DCERPC alter context response use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-28180 SUMMARY A use-after-free vulnerability exists in the state machine of DCERPC library as used in Apple macOS 12.6.1 that can lead to a use-after-free...
Open Automation Software Platform Engine SecureAddUser External config control vulnerability
Summary An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests t...
KiCad EDA Gerber Viewer gerber and excellon GCode/Dcode parsing stack-based buffer overflow vulnerability
Summary Multiple stack-based buffer overflow vulnerabilities exist in the Gerber Viewer gerber and excellon GCode/Dcode parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a maliciou...
3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP use-after-free vulnerability March 10, 2021 CVE Number CVE-2021-21772 SUMMARY A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf...
Siemens LOGO! TDE service "DELETEPROG" Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can cause erased information resulting in a denial of service. An attacker can send an...
Slic3r libslic3r AMF File AMFParserContext::endElement() out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate...
miniaudio ma_dr_flac__decode_samples__lpc out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2063 miniaudio madrflacdecodesampleslpc out-of-bounds write vulnerability March 4, 2025 CVE Number CVE-2024-41147 SUMMARY An out-of-bounds write vulnerability exists in the madrflacdecodesampleslpc functionality of Miniaudio miniaudio v0.11.21. A specially...
Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2070 Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49533 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A font file with...
GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2068 GNOME Project G Structured File Library libgsf Compound Document Binary File Directory integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-36474 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary File format...
libigl PlyFile ply_cast_ascii out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1879 libigl PlyFile plycastascii out-of-bounds write vulnerability May 28, 2024 CVE Number CVE-2023-49600 SUMMARY An out-of-bounds write vulnerability exists in the PlyFile plycastascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1850 TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-43482 SUMMARY A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VP...