2224 matches found
Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability
Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...
Reolink RLC-410W "update" firmware checks firmware update vulnerability
Summary A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...
OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7...
Network Time Protocol ntpq and ntpdc Infinite Loop Vulnerability
CERT VU357792 Summary ntpq processes incoming packets in a loop in getresponse. The loop’s only stopping conditions are receiving a complete and correct response or hitting a small number of error conditions. If the packet contains incorrect values that don’t trigger one of the error conditions,...
llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1913 llama.cpp GGUF library gguffreadstr heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23496 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17....
VMWare vCenter Server DCERPC association groups use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1799 VMWare vCenter Server DCERPC association groups use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-20893 SUMMARY A use-after-free vulnerability exists in the library supporting DCERPC functionality in VMWare vCenter Server 7.0.3.01000. A seri...
Rockwell Automation RSLinx classic ethernet/IP server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this...
NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability
Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability...
Jenkins Swarm Plugin XML external entities information disclosure vulnerability
Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...
GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability
Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Tested Versions...
ACD Systems Canvas Draw 4 FillSpan Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Circle with Disney Token Routing Vulnerability
Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
NitroPDF CharProcs Remote Code Execution Vulnerability
Summary An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF 12.2.1.52...
D-LINK DIR-3040 Syslog information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...
NitroPDF Page Kids Remote Code Execution Vulnerability
Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...
Tablib Yaml Load Code Execution Vulnerability
Summary An exploitable vulnerability exists in the Databook loading functionality of Tablib. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. Tested Versions Tablib v0.11.4...
Robustel R1510 web_server hashFirst denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1575 Robustel R1510 webserver hashFirst denial of service vulnerability October 14, 2022 CVE Number...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
OS4Ed openSIS email parameter SQL injection vulnerability
Summary An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...
NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability
Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
Atlassian Jira Worklog Information Disclosure Vulnerability
Summary A worklog information disclosure vulnerability exists in Atlassian Jira 7.6.4, from version 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the /rest/api/2/worklog/list API endpoint. They can also obtain a list of worklog ID’...
Novatek NT9665X HFS Overwrite denial-of-service vulnerability
Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...
NordVPN VPN client connect privilege escalation vulnerability
Summary An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Tested Versions NordVPN 6.14.28.0 Product...
Natus Xltek EEG NeuroWorks SavePatientMontage Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Teste...
Circle with Disney WiFi Insecure Access Point Vulnerability
Summary An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed “de-auth” packets to trigger this...
AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can...
NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an untrusted pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...
Apple Image I/O API Tiled TIFF Remote Code Execution Vulnerability
SUMMARY An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS...
Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability
Summary An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes Javascript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this...
Zoom Communications Registered Users Enumeration
Summary Zoom doesn’t properly validate certain XMPP requests coming from the clients, which can lead to disclosure of details about registered users. Tested Versions Zoom Service As Of April 9th 2020 Product URLs https://zoom.us CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE...
Winco Fireworks FireFly Bluetooth Low Energy Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Tested Versions Winco Fireworks FireFly FW-1007 V2.0 Product URLs...
Kakadu SDK JPEG 2000 Unknown Marker Code Execution Vulnerability
Summary A code execution vulnerability exists in the Kakadu SDK 7.9’s parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. Tested Versions Kakadu SDK 7.9 - OSX & Lin...
RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0067 RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability January 7, 2016 CVE Number CVE-2015-8271 Description The vulnerability occurs within the AMF3CDAddProp function within amf.c. If an attacker sets up a malicious RTMP Media serve...
D-LINK DIR-3040 Libcli test environment hard-coded password vulnerability
Summary A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK DIR-3040...
NitroPDF ICCBased Color Space Remote Code Execution Vulnerability
Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...
NitroPDF Stream Length Memory Corruption Vulnerability
Summary An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF...
Atlassian Jira issue attachment name information disclosure vulnerability
Summary An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via /rest/api/1.0/render API endpoint. Tested Versions...
AutoDesk AutoCAD 2019 cell margin code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file with too many cell margins populating an AcCellMargin object can cause a heap overflow, resulting in code execution. An attacker can provide a...
Zabbix Server Config Proxy Request Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make...
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability
Summary An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
DD-WRT httpd unescape memory corruption vulnerability
Summary A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions DD-WRT Revision 322...
Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability
Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...
Foxit Reader JavaScript choice field use-after-free vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Windows 10 Insider Preview Fast win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability Regression
Summary A use after free vulnerability exists in Windows 10, Insider Preview Fast 10.0.19582.1001, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of...
Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
CGAL libcgal multiple code execution vulnerabilities in Nef polygon-parsing code
Summary Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigg...
Advantech WebAccess/SCADA installation privilege escalation vulnerability
Summary Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Tested...
X11 Mesa 3D Graphics Library shared memory permissions vulnerability
Summary An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Tested Versions Mesa 3D X11 Graphics library 19.1.2 Product URLs...