Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2019/06/10 12:0 a.m.193 views

Schneider Electric Modicon M580 UMAS function code 0x65 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x65 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.02304EPSS
Exploits1
Talos
Talos
added 2019/05/16 12:0 a.m.191 views

Wacom update helper tool start/stopLaunchDProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...

7.8CVSS7.5AI score0.00597EPSS
Exploits0
Talos
Talos
added 2018/03/28 12:0 a.m.190 views

Allen Bradley Micrologix 1400 Series B PLC Session Communication Insufficient Resource Pool Denial of Service Vulnerability

Summary An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate...

5.3CVSS5.5AI score0.06208EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.188 views

Webkit ImageLoader dispatchPendingErrorEvent use-after-free vulnerability

Summary A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be...

8CVSS8AI score0.0127EPSS
Exploits1
Talos
Talos
added 2020/09/08 12:0 a.m.188 views

Microsoft Windows 10 CLFS.sys ValidateRegionBlocks privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the CLFS.sys ValidateRegionBlocks functionality of Microsoft Windows 10 CLFS.SYS 10.0.19041.264 WinBuild.160101.0800 and Insider Preview CLFS.SYS 10.0.20150.1000 WinBuild.160101.0800. A specially crafted malformed log file can cause a heap...

7.8CVSS8.2AI score0.01093EPSS
Exploits0
Talos
Talos
added 2021/04/19 12:0 a.m.187 views

Synology DSM synoagentregisterd server finder out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the synoagentregisterd server finder functionality of Synology DSM 6.2.3 25426 DS120j. A specially crafted HTTP response can lead to remote code execution. An attacker can use man-in-the-middle techniques to trigger this vulnerability. Tested...

8.7AI score
Exploits0
Talos
Talos
added 2019/11/21 12:0 a.m.187 views

Tenda AC9 /goform/WanParameterSetting Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection, resulting in cod...

7.8CVSS7.9AI score0.01819EPSS
Exploits1
Talos
Talos
added 2019/01/28 12:0 a.m.187 views

WIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability

Summary An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An...

5.5CVSS4.8AI score0.0057EPSS
Exploits1
Talos
Talos
added 2019/03/19 12:0 a.m.183 views

Das U-Boot verified boot bypass

Summary An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot’s verified boot and execute an unsigned kernel, embedded in...

8.2CVSS7.1AI score0.00276EPSS
Exploits1
Talos
Talos
added 2016/07/11 12:0 a.m.183 views

Intel HD Graphics Windows Kernel Driver (igdkmd64) Code Execution Vulnerability

SUMMARY A vulnerability exists in the communication functionality of Intel Graphics Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in executing arbitrary code. An attacker can send specific message to trigger this vulnerability and escalate his privileges on t...

7.8CVSS7.7AI score0.00604EPSS
Exploits2
Talos
Talos
added 2020/03/09 12:0 a.m.182 views

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

Summary An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An...

7.8CVSS6.8AI score0.00656EPSS
Exploits3
Talos
Talos
added 2019/10/08 12:0 a.m.182 views

Schneider Electric Modicon M580 UMAS REST API getcominfo denial-of-service vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to enter a non-recoverable fault...

8.6CVSS8.6AI score0.32974EPSS
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.181 views

Synology QuickConnect servers network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...

7.9AI score
Exploits0
Talos
Talos
added 2021/07/26 12:0 a.m.179 views

CODESYS Development System ObjectManager.plugin ObjectStream.ProfileByteArray Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file t...

8.8CVSS8.1AI score0.01648EPSS
Exploits1
Talos
Talos
added 2021/03/02 12:0 a.m.177 views

Accusoft ImageGear JPG format SOF marker processing out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.8...

9.8CVSS8AI score0.00807EPSS
Exploits1
Talos
Talos
added 2019/07/29 12:0 a.m.176 views

SDL_image XCF Image Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.7AI score0.03616EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.175 views

ZTE MF971R ADB_MODE_SWITCH stack-based buffer overflow vulnerability

Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow which can lead to remote code execution. An attacker needs to provide a URL to...

9.8CVSS9.9AI score0.0172EPSS
Exploits0
Talos
Talos
added 2021/01/05 12:0 a.m.174 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.2AI score0.03023EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.172 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.3AI score0.03023EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.171 views

SoftMaker Office TextMaker Document Record 0x003f integer conversion vulnerability

Summary An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this...

8.8CVSS7.9AI score0.01581EPSS
Exploits1
Talos
Talos
added 2017/07/06 12:0 a.m.170 views

Nitro Pro 11 PDF Handling Code Execution Vulnerability

Summary An out of bound write vulnerability exists in the PDF parsing functionality of Nitro Pro 11.0.4.159. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. Tested...

8.8CVSS9.4AI score0.03868EPSS
Exploits1
Talos
Talos
added 2021/02/03 12:0 a.m.169 views

SoftMaker Office PlanMaker Excel document record 0x00fc memory corruption vulnerability

Summary A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigg...

8.8CVSS8.1AI score0.01525EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.169 views

SoftMaker Office TextMaker Document Record 0x001f sign-extension vulnerability

Summary An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the...

8.8CVSS7.8AI score0.01581EPSS
Exploits1
Talos
Talos
added 2019/05/09 12:0 a.m.169 views

Sqlite3 Window Function Remote Code Execution Vulnerability

Summary An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

8.1CVSS8.4AI score0.06683EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.167 views

Genivia gSOAP WS-Addressing plugin code execution vulnerability

Summary A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product...

9.8CVSS10AI score0.0586EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.166 views

SoftMaker Office TextMaker Document Record 0x002a integer overflow vulnerability

Summary An exploitable integer overflow vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this...

8.8CVSS8AI score0.01397EPSS
Exploits1
Talos
Talos
added 2022/01/26 12:0 a.m.163 views

Reolink RLC-410W cgiserver.cgi JSON command parser denial of service vulnerabilities

Summary Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions reolin...

8.6CVSS8AI score0.01771EPSS
Exploits1
Talos
Talos
added 2019/04/25 12:0 a.m.163 views

Sierra Wireless AirLink ES450 ACEManager iplogging.cgi command injection vulnerability

Summary An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HT...

9CVSS8.8AI score0.19488EPSS
Exploits3
Talos
Talos
added 2021/01/05 12:0 a.m.161 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.3AI score0.03023EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.161 views

Atlassian Jira WikiRenderer parser XSS vulnerability

Summary An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability. Tested Versions Atlassian Jira...

5.4CVSS5.8AI score0.0092EPSS
Exploits0
Talos
Talos
added 2019/06/10 12:0 a.m.161 views

Schneider Electric Modicon M580 UMAS memory block write denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block write functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.01582EPSS
Exploits1
Talos
Talos
added 2017/05/12 12:0 a.m.161 views

Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component version 9.6.1.4350 of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under th...

8.8CVSS8.1AI score0.01664EPSS
Exploits2
Talos
Talos
added 2019/04/15 12:0 a.m.159 views

Shimo VPN helper tool RunVpncScript privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privilege...

9.3CVSS8.2AI score0.00422EPSS
Exploits1
Talos
Talos
added 2021/07/27 12:0 a.m.158 views

Foxit Reader removeField use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9AI score0.04546EPSS
Exploits1
Talos
Talos
added 2019/06/17 12:0 a.m.158 views

KCodes NetUSB unauthenticated remote kernel information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and se...

5.8CVSS5.5AI score0.02119EPSS
Exploits0
Talos
Talos
added 2019/06/10 12:0 a.m.158 views

Schneider Electric Modicon M580 UMAS strategy read information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS strategy read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of the programmed...

7.5CVSS7.6AI score0.03413EPSS
Exploits1
Talos
Talos
added 2019/03/19 12:0 a.m.157 views

CUJO Smart Firewall mdnscap mDNS SRV record denial-of-service vulnerability

Summary An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the “RDLENGTH” value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An...

7.5CVSS7.1AI score0.01323EPSS
Exploits1
Talos
Talos
added 2021/04/19 12:0 a.m.156 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...

6.8AI score
Exploits0
Talos
Talos
added 2021/02/03 12:0 a.m.155 views

SoftMaker Office PlanMaker Excel document CEscherObject::ReadNativeProperties multiple heap buffer overflow vulnerabilities

Summary An exploitable heap-based buffer overflow vulnerability exists in the Office Art record-parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer...

7.8AI score
Exploits0
Talos
Talos
added 2019/06/04 12:0 a.m.155 views

Jenkins Artifactory Plugin fillCredentialsIdItems information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the fillCredentialsIdItems endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled -...

4.3CVSS4.5AI score0.01876EPSS
Exploits1
Talos
Talos
added 2017/11/13 12:0 a.m.154 views

Foscam IP Video Camera CGIProxy.fcgi Firmware Upgrade Code Execution Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to th...

9.9CVSS7.5AI score0.01634EPSS
Exploits2
Talos
Talos
added 2021/10/18 12:0 a.m.153 views

ZTE MF971R HTTP_HOST CRLF Injection vulnerability

Summary An exploitable CRLF injection vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a CRLF injection. An attacker needs to provide a URL to the victim to trigger the vulnerability. Tested Versions ZTE...

4.3CVSS5.2AI score0.00823EPSS
Exploits0
Talos
Talos
added 2019/09/17 12:0 a.m.153 views

Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2.for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF...

9.8CVSS9.9AI score0.02375EPSS
Exploits1
Talos
Talos
added 2016/09/13 12:0 a.m.152 views

Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service

Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...

7.8CVSS6.7AI score0.12195EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.151 views

Pixar OpenUSD binary file format index type values information leak vulnerability

Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain...

6.5CVSS4.9AI score0.0168EPSS
Exploits3
Talos
Talos
added 2023/01/10 12:0 a.m.150 views

Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1592 Asus RT-AX82U cfgserver cmprocessConnDiagPktList denial of service vulnerability January 10, 2023 CVE Number CVE-2022-38393 SUMMARY A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U...

7.5CVSS7.6AI score0.18847EPSS
Exploits1
Talos
Talos
added 2021/02/03 12:0 a.m.150 views

SoftMaker Office PlanMaker Document Record 0x8010 out-of-bounds write vulnerability

Summary An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it...

8.8CVSS7.9AI score0.72559EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.150 views

Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

7.5CVSS7.8AI score0.02626EPSS
Exploits1
Talos
Talos
added 2019/05/16 12:0 a.m.150 views

Wacom update helper tool startProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to...

7.8CVSS8AI score0.0053EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.150 views

Anker Roav A1 Dashcam WifiCmd 9999 Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Anker Roav A1...

9.8CVSS8.8AI score0.02234EPSS
Exploits0
Total number of security vulnerabilities2224