Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2021/08/16 12:0 a.m.121 views

GPAC Project Advanced Content MPEG-4 Decoding multiple integer addition overflow vulnerabilities

Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer...

8.9AI score
Exploits0
Talos
Talos
added 2020/12/09 12:0 a.m.120 views

Foxit Reader JavaScript media openPlayer type confusion vulnerability

Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...

8.8CVSS9AI score0.02869EPSS
Exploits1
Talos
Talos
added 2019/11/04 12:0 a.m.120 views

Investintech Able2Extract Professional BMP decoding biClrUsed code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending t...

8.8CVSS8.2AI score0.01955EPSS
Exploits1
Talos
Talos
added 2019/10/17 12:0 a.m.120 views

YouPHPTube Encoder base64Url multiple command injections

Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...

10CVSS9.9AI score0.45302EPSS
Exploits3
Talos
Talos
added 2019/08/20 12:0 a.m.120 views

Aspose Aspose.Words for C++ EnumMetaInfo Code Execution Vulnerability

Summary An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words for C++, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malforme...

9.8CVSS9.5AI score0.03282EPSS
Exploits0
Talos
Talos
added 2017/11/13 12:0 a.m.120 views

Foscam IP Video Camera devMng Multi-Camera Port 10000 Command 0x0002 Username Field Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. Tested Versions...

9.1CVSS9.5AI score0.01428EPSS
Exploits2
Talos
Talos
added 2019/07/29 12:0 a.m.119 views

SDL_image XPM image color code code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow,...

8.8CVSS8.8AI score0.03616EPSS
Exploits0
Talos
Talos
added 2019/03/19 12:0 a.m.119 views

CUJO Smart Firewall dhcpd.conf verified boot bypass

Summary An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this...

8.2CVSS7.8AI score0.00501EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.117 views

Mozilla Firefox MediaCacheStream::NotifyDataReceived use-after-free vulnerability

Summary A potential remote code execution vulnerability exists in the MediaCacheStream::NotifyDataReceived method of Mozilla Firefox 89.0.3 x64. A specially-crafted web page can cause a use-after-free vulnerability potentially resulting in a code execution. A victim needs to visit a malicious...

8.8CVSS9.2AI score0.01451EPSS
Exploits1
Talos
Talos
added 2020/11/17 12:0 a.m.117 views

ProcessMaker sort parameter multiple SQL Injection Vulnerabilities

Summary Multiple SQL injection vulnerabilities exist in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions ProcessMaker 3.4.11...

8.8CVSS8.2AI score0.01682EPSS
Exploits2
Talos
Talos
added 2020/11/12 12:0 a.m.117 views

Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...

8.8CVSS7.8AI score0.02558EPSS
Exploits1
Talos
Talos
added 2020/02/25 12:0 a.m.117 views

Synology DSM findhostd unencrypted credentials disclosure vulnerability

Summary An information disclosure vulnerability exists in the findhostd authentication functionality of Synology DSM 6.2.3 25426 DS120j. Using an application e.g. Synology Assistant can lead to information disclosure of administrator credentials. An attacker can sniff network traffic to trigger...

7.7AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.116 views

Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities

Talos Vulnerability Report TALOS-2020-1108 Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities September 23, 2020 CVE Number CVE-2020-13503, CVE-2020-13504, CVE-2020-13505, CVE-2020-13521 Summary Multiple SQL injection vulnerabilities exists in the...

10AI score0.01183EPSS
Exploits2
Talos
Talos
added 2019/03/19 12:0 a.m.116 views

CUJO Smart Firewall safe browsing Host header-parsing firewall bypass vulnerability

Summary An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The “Host” header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit...

7.5CVSS6.1AI score0.01168EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.115 views

Milesight UR32L vtysh_ubus sprintf pattern buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1716 Milesight UR32L vtyshubus sprintf pattern buffer overflow vulnerabilities July 6, 2023 CVE Number...

7.2CVSS8.4AI score0.01503EPSS
Exploits44
Talos
Talos
added 2021/07/26 12:0 a.m.115 views

CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...

8.8CVSS8AI score0.01298EPSS
Exploits0
Talos
Talos
added 2020/12/02 12:0 a.m.115 views

EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests ...

7.5CVSS7.7AI score0.02063EPSS
Exploits1
Talos
Talos
added 2020/01/07 12:0 a.m.115 views

E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability

Summary A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Test...

7.5CVSS7.4AI score0.01025EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.115 views

Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...

9.3CVSS8.8AI score0.0877EPSS
Exploits0
Talos
Talos
added 2019/05/06 12:0 a.m.115 views

Jenkins Ansible Tower Plugin information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the testTowerConnection function of the Jenkins Ansible Tower Plugin 0.9.1. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of thi...

8.8CVSS8.4AI score0.01525EPSS
Exploits0
Talos
Talos
added 2019/04/15 12:0 a.m.115 views

VMware Workstation 15 vertex shader functionality denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted vertex shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware gues...

6.8CVSS6.4AI score0.01666EPSS
Exploits0
Talos
Talos
added 2021/07/07 12:0 a.m.114 views

IOBit Advanced SystemCare Ultimate Privileged I/O Read vulnerabilities

Summary An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive...

6.5CVSS5.2AI score0.0034EPSS
Exploits3
Talos
Talos
added 2020/03/09 12:0 a.m.114 views

WAGO e!COCKPIT file path improper input validation vulnerability

Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...

7.8CVSS7.8AI score0.01817EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.114 views

WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service

Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...

7.5CVSS7.8AI score0.01759EPSS
Exploits1
Talos
Talos
added 2019/08/20 12:0 a.m.114 views

Aspose Aspose.Cells for C++ LabelSst Code Execution Vulnerability

Summary An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells for C++ 19.1.0. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to...

9.8CVSS8.7AI score0.0314EPSS
Exploits0
Talos
Talos
added 2021/02/02 12:0 a.m.113 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Network Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.4AI score0.03454EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.113 views

Synology SRM dnsExit DDNS provider information disclosure vulnerability

Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...

5AI score
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.113 views

Synology SRM QuickConnect authentication Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27649 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect authentication functionality of Synology SRM...

9CVSS9AI score0.00711EPSS
Exploits1
Talos
Talos
added 2022/07/27 12:0 a.m.112 views

Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability

Talos Vulnerability Report TALOS-2022-1511 Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability July 27, 2022 CVE Number CVE-2022-26376 SUMMARY A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and...

9.8CVSS7.5AI score0.01075EPSS
Exploits1
Talos
Talos
added 2020/12/08 12:0 a.m.112 views

Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability

Summary A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a...

8.6CVSS8.8AI score0.01387EPSS
Exploits0
Talos
Talos
added 2019/12/11 12:0 a.m.112 views

W1.fi hostapd CAM table denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CA...

7.4CVSS6.9AI score0.10114EPSS
Exploits1
Talos
Talos
added 2019/07/29 12:0 a.m.112 views

SDL_image PCX Image Code execution Vulnerability

Summary An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.9AI score0.03616EPSS
Exploits0
Talos
Talos
added 2021/06/28 12:0 a.m.111 views

PowerISO DMG File Format Handler memory corruption vulnerability

Summary A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the curre...

8.8CVSS7.8AI score0.00947EPSS
Exploits1
Talos
Talos
added 2021/06/08 12:0 a.m.111 views

Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability

Summary A code execution vulnerability exists in the WebAudio blink::AudioNodeOutput::Pull functionality of Google Chrome 90.0.4405.0 Build 64-bit and 88.0.4324.146 Official version 64-bit. A specially crafted web page can lead to use after free. An attacker could exploit this vulnerability by...

8.8CVSS8.6AI score0.0143EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.111 views

OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability

Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...

8.8CVSS8.1AI score0.01403EPSS
Exploits6
Talos
Talos
added 2020/07/14 12:0 a.m.111 views

Intel IGC64.DLL shader functionality ATOMIC_ADD code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, version 26.20.100.7584. A specially crafted vertex shader can cause an out-of-bounds write, which could lead to arbitrary code execution. An attacker can provide a specially crafted shader file to...

9CVSS9.3AI score0.06185EPSS
Exploits0
Talos
Talos
added 2019/09/17 12:0 a.m.111 views

Aspose.PDF for C++ parent generation remote code execution vulnerability

Summary An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger thi...

9.8CVSS9.9AI score0.03415EPSS
Exploits1
Talos
Talos
added 2019/09/04 12:0 a.m.111 views

Blynk inc. Blynk-Library BlynkProtocol<Transp>::processInput() information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. Tested...

5.3CVSS5.1AI score0.01876EPSS
Exploits1
Talos
Talos
added 2016/07/18 12:0 a.m.111 views

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

SUMMARY An exploitable out of bounds write exists in the handling of BMP images on Apple OS X and iOS. A crafted BMP document can lead to an out of bounds write resulting in remote code execution. Vulnerability can be triggered via a saved BMP file delivered by other means when opened in any...

8.8CVSS0.9AI score0.04331EPSS
Exploits2
Talos
Talos
added 2020/10/29 12:0 a.m.110 views

Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...

8.3CVSS7.7AI score0.00822EPSS
Exploits1
Talos
Talos
added 2018/10/09 12:0 a.m.110 views

Intuit Quicken Deluxe 2018 for Mac Password Protection Authentication Bypass Vulnerability

Summary An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data withou...

7.1CVSS7AI score0.00432EPSS
Exploits1
Talos
Talos
added 2015/10/21 12:0 a.m.110 views

NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability

Talos Vulnerability Report TALOS-2015-0069 NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability October 21, 2015 CVE Number CVE-2015-7871 Summary Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker’s choosing...

9.8CVSS9.9AI score0.81762EPSS
Exploits2
Talos
Talos
added 2021/07/26 12:0 a.m.109 views

CODESYS Development System ObjectManager.plugin ProfileInformation.ProfileData Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file ...

8.8CVSS8AI score0.01671EPSS
Exploits1
Talos
Talos
added 2019/03/07 12:0 a.m.109 views

Pixar Renderman Install Helper Privilege Escalation Vulnerability

Summary A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0’s Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful...

9CVSS8.2AI score0.00881EPSS
Exploits1
Talos
Talos
added 2017/11/13 12:0 a.m.109 views

Foscam IP Video Camera CGIProxy.fcgi SoftAP Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration...

8.8CVSS7.6AI score0.0504EPSS
Exploits2
Talos
Talos
added 2020/10/29 12:0 a.m.108 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...

6.9AI score
Exploits0
Talos
Talos
added 2020/03/09 12:0 a.m.108 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability

Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...

7.5CVSS7.9AI score0.02199EPSS
Exploits1
Talos
Talos
added 2022/01/26 12:0 a.m.107 views

Reolink RLC-410W "update" firmware checks firmware update vulnerability

Summary A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...

8.3CVSS7.7AI score0.00907EPSS
Exploits0
Talos
Talos
added 2019/04/15 12:0 a.m.107 views

Shimo VPN helper tool writeConfig privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...

9.3CVSS8AI score0.0068EPSS
Exploits1
Talos
Talos
added 2018/12/17 12:0 a.m.107 views

Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability

Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...

8.1CVSS8.4AI score0.00732EPSS
Exploits0
Total number of security vulnerabilities2224