2224 matches found
Anker Roav A1 Dashcam WifiCmd 9999 Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Anker Roav A1...
Novatek NT9665X XML_GetScreen Strncmp denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLGetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot...
instipod DuoUniversalKeycloakAuthenticator challenge information disclosure vulnerability
Talos Vulnerability Report TALOS-2023-1907 instipod DuoUniversalKeycloakAuthenticator challenge information disclosure vulnerability December 23, 2023 CVE Number CVE-2023-49594 SUMMARY An information disclosure vulnerability exists in the challenge functionality of instipod...
Moodle spellchecker plugin command execution vulnerability
Summary A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities. Tested Versions Moodle 3.10 Product...
Shimo VPN helper tool configureRoutingWithCommand privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a...
Cesanta Mongoose HTTP Server CGI Remote Code Execcution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP...
Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability
Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
Novatek NT9665X XML_GetThumbNail denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Tested...
Jenkins GitLab Plugin Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection functionality of the Jenkins GitLab Plugin 1.5.11. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of this plug...
Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability
SUMMARY An exploitable heap buffer overflow vulnerability exists in the Pdfium PDF reader included in the Google Chrome web browser. A specially crafted PDF document with embedded jpeg2000 image can cause a heap buffer overflow potentially resulting in an arbitrary code execution. An attacker can...
VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability
Talos Vulnerability Report TALOS-2022-1587 VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability October 10, 2022 CVE Number CVE-2022-31680 SUMMARY An unsafe deserialization vulnerability exists in the Platform Services Controller functionality of VMware vCenter...
GPAC Project on Advanced Content library MPEG-4 Decoding multiple multiplication integer overflow vulnerabilities
Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow...
Novatek NT9665X HFS Recv buffer overflow code execution vulnerability
Summary An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code executio...
ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability
Summary An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks’s convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution.. The vulnerability can be...
Aspose Aspose.Cells for C++ Number Code Execution Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigge...
Novatek NT9665X XML_UploadFile path overflow code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Tested...
Reolink RLC-410W cgiserver.cgi Login authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Reolink...
SoftMaker Office PlanMaker Document Record 0x800d memory corruption vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is...
ERPNext frappe.desk.reportview.get SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...
Linux kernel CAM table denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...
Novatek NT9665X XML_UploadFile WifiCmd denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any...
SoftMaker Office PlanMaker Document Records 0x8011 and 0x820a integer overflow vulnerability
Summary An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap...
YouPHPTube /objects/video.php getVideo videoName code execution vulnerability
Summary An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code...
Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability
Summary Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December t2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...
Schneider Electric Modicon M580 UnityPro reliance on untrusted inputs vulnerability
Summary An exploitable reliance on untrusted inputs vulnerability exists in the strategy transfer function of the Schneider Electric Unity Pro L Programming Software. When a specially crafted strategy is programmed to a Modicon M580 Programmable Automation Controller, and UnityProL is used to rea...
Novatek NT9665X XML_GetRawEncJpg denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLGetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Teste...
CUJO Smart Firewall threatd hostname reputation check code execution vulnerability
Summary An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement...
GNOME libsoup HTTP Chunked Encoding Remote Code Execution Vulnerability
Summary An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability...
Pharos PopUp Printer Client DecodeBinary Code Execution Vulnerability
Summary An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim’s computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always...
Information Builders WebFOCUS Business Intelligence Portal Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. Tested Version...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MUL code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MUL functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX. Test...
Telegram Android Secret Chats Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the “Secret Chats” functionality of the Telegram Android messaging application version 4.9.0. The “Secret Chats” functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request...
Accusoft ImageGear TIFF index record out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.8 Product URLs...
PaX read_kmem denial of service vulnerability
Summary An exploitable vulnerability exists in the grsecurity PaX patch for the function readkmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from versio...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon 2.2.1. mmmagentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
Foscam IP Video Camera CGIProxy.fcgi FTP Startup Configuration Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection...
TCL LinkHub Mesh Wifi GetValue buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1463 TCL LinkHub Mesh Wifi GetValue buffer overflow vulnerability August 1, 2022 CVE Number...
Windows 10 win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability
Summary A use after free vulnerability exists in Windows 10, Version 10.0.19033.1, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of privileges. This...
SDL_image XPM image colorhash parsing Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a...
Netgear Orbi Router RBR750 access control command execution vulnerability
Talos Vulnerability Report TALOS-2022-1596 Netgear Orbi Router RBR750 access control command execution vulnerability March 21, 2023 CVE Number CVE-2022-37337 SUMMARY A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A...
Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...
WAGO PFC200 iocheckd service "I/O-Check" factory restore denial-of-service vulnerability
WAGO PFC200 iocheckd service “I/O-Check” factory restore denial-of-service vulnerability Summary An exploitable denial-of-service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A single packet can cause a denial of service and weaken credentials resulting ...
Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability
Summary An exploitable kernel memory disclosure vulnerability exists in the 0x224844 IOCTL handler function of Symantec Endpoint Protection Small Business Edition ccSetx86.sys, version 16.0.0.77. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in...
Intel Raid Web Console 3 DISCOVERY Denial of Service
Summary An exploitable denial of service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can cause the LSA.exe service to exit, resulting in a denial of service. A remote unauthenticated attacker can send a malicious POST request to trigg...
Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1109 Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-13507, CVE-2020-13508 Summary Multiple SQL injection vulnerabilities exist in the Alias.asmx Web Service functionality of eDNA Enterprise...
Accusoft ImageGear GIF LZW decoder heap overflow vulnerability
Summary A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this...
Moxa SDS-3008 Series Industrial Ethernet Switch web server denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1618 Moxa SDS-3008 Series Industrial Ethernet Switch web server denial of service vulnerability February 2, 2023 CVE Number CVE-2022-40224 SUMMARY A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial...
Pixar OpenUSD SDF layer path remote code execution
Summary A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the...
Pixar OpenUSD Binary File Format Decompressed Path Rebuilding Memory corruption
Summary An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability,...
GPAC Project Advanced Content MPEG-4 Decoding multiple integer truncation vulnerabilities
Summary Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes...