2224 matches found
Gerbv pick-and-place rotation parsing use of uninitialized variable vulnerability
Summary An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An...
Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability
Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...
Gerbv drill format T-code tool number out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...
Microsoft Azure Sphere Kernel pwm_ioctl_apply_state kfree() code execution vulnerability
Summary A code execution vulnerability exists in the kernel pwmioctlapplystate functionality of Microsoft Azure Sphere 21.01. A specially crafted ioctl can lead to arbitrary kfree. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Microsoft Azure Sphere 21.01 Product...
Clean My Mac X removePackageWithID privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
LibOFX Tag Parsing Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...
Iceni Argus ipStringCreate Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability. Tested Versions Iceni Argus 6.6.0...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries 32-bit File System Denial of Service Vulnerability
Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never...
GMER Path Length Code Execution Vulnerability
Summary A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0129 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Pidgin libpurple STUN Response Length NULL Write Vulnerability
Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...
Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2276 Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability May 4, 2026 CVE Number CVE-2025-58074 SUMMARY A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Stor...
Wavlink AC3000 fw_check.sh Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2037 Wavlink AC3000 fwcheck.sh Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39273 SUMMARY A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can...
Wavlink AC3000 wireless.cgi AddMac() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2043 Wavlink AC3000 wireless.cgi AddMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39757 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability
Talos Vulnerability Report TALOS-2024-2011 Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability September 10, 2024 CVE Number CVE-2024-39420 SUMMARY A time-of-check time-of-use vulnerability exists in Adobe Acrobat Reader 2024.002.20759. A specially crafted Javascript code...
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Talos Vulnerability Report TALOS-2024-1994 Ankitects Anki LaTeX Blocklist Bypass vulnerability July 22, 2024 CVE Number CVE-2024-32152 SUMMARY A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitra...
libigl readMSH out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1928 libigl readMSH out-of-bounds read vulnerability May 28, 2024 CVE Number CVE-2024-24583,CVE-2024-24584 SUMMARY Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an...
GTKWave FST fstReaderIterBlocks2 time_table tsec_nitems integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1792 GTKWave FST fstReaderIterBlocks2 timetable tsecnitems integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35128 SUMMARY An integer overflow vulnerability exists in the fstReaderIterBlocks2 timetable tsecnitems functionality of GTKWave...
GTKWave LXT2 zlib block allocation integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1822 GTKWave LXT2 zlib block allocation integer overflow vulnerability January 8, 2024 CVE Number CVE-2023-35989 SUMMARY An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 fil...
SoftEther VPN vpnserver WpcParsePacket() heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1735 SoftEther VPN vpnserver WpcParsePacket heap-based buffer overflow vulnerability October 12, 2023 CVE Number CVE-2023-27395 SUMMARY A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN...
SNIProxy wildcard backend hosts buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1731 SNIProxy wildcard backend hosts buffer overflow vulnerability March 30, 2023 CVE Number CVE-2023-25076 SUMMARY A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch commit:...
Open Automation Software Platform Engine SecureAddSecurity external config control vulnerability
Summary An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of...
Accusoft ImageGear ioca_mys_rgb_allocate memory corruption vulnerability
Summary A memory corruption vulnerability exists in the iocamysrgballocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...
Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1339 Microsoft Azure Sphere Kernel GPIOSETPINCONFIGIOCTL information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIOSETPINCONFIGIOCTL functionality of Microsoft Azure Sphere 21.06. A...
Samsung SmartThings Hub video-core database shard code execution vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “shard” table of its SQLite database, leading to a buffer...
Wavlink AC3000 wireless.cgi SetName() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2039 Wavlink AC3000 wireless.cgi SetName buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39357 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 nas.cgi set_nas() samba Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2052 Wavlink AC3000 nas.cgi setnas samba Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39602 SUMMARY An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
LevelOne WBR-6012 hard-coded password vulnerability
Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...
LevelOne WBR-6012 Web Application authentication bypass vulnerability
Talos Vulnerability Report TALOS-2024-1996 LevelOne WBR-6012 Web Application authentication bypass vulnerability October 30, 2024 CVE Number CVE-2024-23309 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance ...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1986 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33626 SUMMARY The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...
Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2002 Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability August 13, 2024 CVE Number CVE-2024-41832 SUMMARY An out-of-bounds read vulnerability exists in CoolType, a font processing framework used by Adobe Acrobat Reader...
Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1877 Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability July 8, 2024 CVE Number CVE-2023-45742 SUMMARY An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Siemens LOGO! TDE service "NFSAccess" Upload File Write Vulnerability
Summary An exploitable file write vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can upload or overwrite file content to the local SD card. An attacker can send a sequence of maliciou...
Canva Affinity EMF File EMR_STRETCHBLT cbBitsSrc Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2313 Canva Affinity EMF File EMRSTRETCHBLT cbBitsSrc Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66633 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file...
Wavlink AC3000 nas.cgi set_ftp_cfg() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2056 Wavlink AC3000 nas.cgi setftpcfg Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39788,CVE-2024-39790,CVE-2024-39789 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavli...
Foxit Reader 3D Page Object Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2094 Foxit Reader 3D Page Object Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-47810 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside...
Microsoft PowerPoint for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1974 Microsoft PowerPoint for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-39804 SUMMARY A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint’s acces...
Microsoft CLIPSP.SYS License Update out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1988 Microsoft CLIPSP.SYS License Update out-of-bounds read vulnerability August 13, 2024 CVE Number None SUMMARY An out-of-bounds read vulnerability exists in the License Update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621. A specially crafte...
Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...
stb stb_vorbis.c comment heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1846 stb stbvorbis.c comment heap-based buffer overflow vulnerability May 1, 2024 CVE Number CVE-2023-47212 SUMMARY A heap-based buffer overflow vulnerability exists in the comment functionality of stb vorbis.c v1.22. A specially crafted .ogg file can lead to...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd GRE command injection vulnerability
Talos Vulnerability Report TALOS-2023-1855 TP-Link ER7206 Omada Gigabit VPN Router uhttpd GRE command injection vulnerability February 6, 2024 CVE Number CVE-2023-47167 SUMMARY A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada...
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1736 SoftEther VPN DCRegister DDNSRPCMAXRECVSIZE denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22325 SUMMARY A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta,...
JustSystems Corporation Ichitaro Attribute Arena buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1684 JustSystems Corporation Ichitaro Attribute Arena buffer overflow vulnerability April 5, 2023 CVE Number CVE-2022-45115 SUMMARY A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted...
Lansweeper WebUserActions.aspx Stored XSS vulnerability
Summary A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Reolink RLC-410W netserver parse_command_list memory corruption vulnerability
Summary A memory corruption vulnerability exists in the netserver parsecommandlist functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink...
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2097 STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server denial of service vulnerability April 2, 2025 CVE Number CVE-2024-50384,CVE-2024-50385 SUMMARY A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics...
Wavlink AC3000 nas.cgi add_dir() Directory Traversal Vulnerabilities
Talos Vulnerability Report TALOS-2024-2057 Wavlink AC3000 nas.cgi adddir Directory Traversal Vulnerabilities January 14, 2025 CVE Number CVE-2024-39786,CVE-2024-39787 SUMMARY Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.21050...
NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0121 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality SAMPLE instruction of NVIDIA D3D10 Driver NVIDIA D3D...