Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2017/10/31 12:0 a.m.106 views

Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability

Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...

9CVSS8.3AI score0.01441EPSS
Exploits2
Talos
Talos
added 2022/01/26 12:0 a.m.105 views

Reolink RLC-410W "update" firmware checks firmware update vulnerability

Summary A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...

8.3CVSS7.7AI score0.00907EPSS
Exploits0
Talos
Talos
added 2020/08/31 12:0 a.m.105 views

OS4Ed openSIS CoursePeriodModal.php page multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7...

8.8CVSS8.1AI score0.01766EPSS
Exploits3
Talos
Talos
added 2016/01/19 12:0 a.m.105 views

Network Time Protocol ntpq and ntpdc Infinite Loop Vulnerability

CERT VU357792 Summary ntpq processes incoming packets in a loop in getresponse. The loop’s only stopping conditions are receiving a complete and correct response or hitting a small number of error conditions. If the packet contains incorrect values that don’t trigger one of the error conditions,...

5.9CVSS6.6AI score0.07546EPSS
Exploits0
Talos
Talos
added 2024/02/26 12:0 a.m.104 views

llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1913 llama.cpp GGUF library gguffreadstr heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23496 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17....

9.8CVSS8.8AI score0.01349EPSS
Exploits1
Talos
Talos
added 2023/07/13 12:0 a.m.104 views

VMWare vCenter Server DCERPC association groups use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1799 VMWare vCenter Server DCERPC association groups use-after-free vulnerability July 13, 2023 CVE Number CVE-2023-20893 SUMMARY A use-after-free vulnerability exists in the library supporting DCERPC functionality in VMWare vCenter Server 7.0.3.01000. A seri...

9.8CVSS9.1AI score0.01248EPSS
Exploits0
Talos
Talos
added 2021/01/07 12:0 a.m.104 views

Rockwell Automation RSLinx classic ethernet/IP server denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this...

7.5CVSS7.5AI score0.03388EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.104 views

NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.104 views

AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability...

10CVSS9.4AI score0.02013EPSS
Exploits0
Talos
Talos
added 2019/05/06 12:0 a.m.104 views

Jenkins Swarm Plugin XML external entities information disclosure vulnerability

Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...

9.3CVSS9.2AI score0.01794EPSS
Exploits0
Talos
Talos
added 2019/03/26 12:0 a.m.104 views

GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Tested Versions...

9.3CVSS8.1AI score0.00598EPSS
Exploits1
Talos
Talos
added 2019/01/30 12:0 a.m.104 views

ACD Systems Canvas Draw 4 FillSpan Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

8.8CVSS8.2AI score0.01893EPSS
Exploits1
Talos
Talos
added 2017/10/31 12:0 a.m.104 views

Circle with Disney Token Routing Vulnerability

Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

9.8CVSS8.8AI score0.01671EPSS
Exploits2
Talos
Talos
added 2019/10/09 12:0 a.m.103 views

NitroPDF CharProcs Remote Code Execution Vulnerability

Summary An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF 12.2.1.52...

7.8CVSS7.6AI score0.01331EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.102 views

D-LINK DIR-3040 Syslog information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...

7.5CVSS7.5AI score0.01948EPSS
Exploits2
Talos
Talos
added 2019/10/09 12:0 a.m.102 views

NitroPDF Page Kids Remote Code Execution Vulnerability

Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...

8.8CVSS8.4AI score0.02562EPSS
Exploits1
Talos
Talos
added 2017/06/13 12:0 a.m.102 views

Tablib Yaml Load Code Execution Vulnerability

Summary An exploitable vulnerability exists in the Databook loading functionality of Tablib. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. Tested Versions Tablib v0.11.4...

9.8CVSS8.9AI score0.0487EPSS
Exploits2
Talos
Talos
added 2022/10/14 12:0 a.m.101 views

Robustel R1510 web_server hashFirst denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1575 Robustel R1510 webserver hashFirst denial of service vulnerability October 14, 2022 CVE Number...

7.5CVSS6AI score0.01084EPSS
Exploits11
Talos
Talos
added 2020/10/13 12:0 a.m.101 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.4AI score0.03454EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.101 views

OS4Ed openSIS email parameter SQL injection vulnerability

Summary An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS7.7AI score0.01403EPSS
Exploits2
Talos
Talos
added 2020/08/31 12:0 a.m.101 views

OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the courseperiodid parameters used in OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed...

8.8CVSS8.1AI score0.01403EPSS
Exploits3
Talos
Talos
added 2019/10/09 12:0 a.m.101 views

NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.101 views

Atlassian Jira Worklog Information Disclosure Vulnerability

Summary A worklog information disclosure vulnerability exists in Atlassian Jira 7.6.4, from version 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the /rest/api/2/worklog/list API endpoint. They can also obtain a list of worklog ID’...

5.3CVSS5.2AI score0.02711EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.101 views

Novatek NT9665X HFS Overwrite denial-of-service vulnerability

Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...

7.8CVSS6.3AI score0.01393EPSS
Exploits1
Talos
Talos
added 2018/09/07 12:0 a.m.101 views

NordVPN VPN client connect privilege escalation vulnerability

Summary An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Tested Versions NordVPN 6.14.28.0 Product...

10CVSS8.7AI score0.02538EPSS
Exploits0
Talos
Talos
added 2018/04/04 12:0 a.m.101 views

Natus Xltek EEG NeuroWorks SavePatientMontage Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Teste...

9.8CVSS9.7AI score0.02314EPSS
Exploits0
Talos
Talos
added 2018/04/04 12:0 a.m.101 views

Circle with Disney WiFi Insecure Access Point Vulnerability

Summary An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed “de-auth” packets to trigger this...

6.5CVSS6.5AI score0.00654EPSS
Exploits1
Talos
Talos
added 2019/12/05 12:0 a.m.100 views

AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability

Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can...

8.6CVSS8.2AI score0.02029EPSS
Exploits1
Talos
Talos
added 2019/08/05 12:0 a.m.100 views

NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an untrusted pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...

7.2AI score
Exploits0
Talos
Talos
added 2016/07/18 12:0 a.m.100 views

Apple Image I/O API Tiled TIFF Remote Code Execution Vulnerability

SUMMARY An exploitable heap based buffer overflow exists in the handling of TIFF images on Apple OS X and iOS operating systems. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. This vulnerability can be triggered via malicious web page, MMS...

8.8CVSS0.1AI score0.0485EPSS
Exploits1
Talos
Talos
added 2020/07/02 12:0 a.m.99 views

Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability

Summary An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes Javascript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this...

8.8CVSS9.3AI score0.01326EPSS
Exploits0
Talos
Talos
added 2020/04/21 12:0 a.m.99 views

Zoom Communications Registered Users Enumeration

Summary Zoom doesn’t properly validate certain XMPP requests coming from the clients, which can lead to disclosure of details about registered users. Tested Versions Zoom Service As Of April 9th 2020 Product URLs https://zoom.us CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE...

7AI score
Exploits0
Talos
Talos
added 2019/05/08 12:0 a.m.99 views

Winco Fireworks FireFly Bluetooth Low Energy Improper Access Control Vulnerability

Summary An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Tested Versions Winco Fireworks FireFly FW-1007 V2.0 Product URLs...

6.5CVSS6.9AI score0.00645EPSS
Exploits0
Talos
Talos
added 2017/08/04 12:0 a.m.99 views

Kakadu SDK JPEG 2000 Unknown Marker Code Execution Vulnerability

Summary A code execution vulnerability exists in the Kakadu SDK 7.9’s parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. Tested Versions Kakadu SDK 7.9 - OSX & Lin...

8.8CVSS8.3AI score0.01543EPSS
Exploits1
Talos
Talos
added 2016/01/07 12:0 a.m.99 views

RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0067 RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability January 7, 2016 CVE Number CVE-2015-8271 Description The vulnerability occurs within the AMF3CDAddProp function within amf.c. If an attacker sets up a malicious RTMP Media serve...

9.8CVSS9.9AI score0.05923EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.98 views

D-LINK DIR-3040 Libcli test environment hard-coded password vulnerability

Summary A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK DIR-3040...

10CVSS9.7AI score0.02962EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.98 views

NitroPDF ICCBased Color Space Remote Code Execution Vulnerability

Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...

8.8CVSS8.5AI score0.02282EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.98 views

NitroPDF Stream Length Memory Corruption Vulnerability

Summary An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF...

7.8CVSS7.9AI score0.01331EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.98 views

Atlassian Jira issue attachment name information disclosure vulnerability

Summary An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via /rest/api/1.0/render API endpoint. Tested Versions...

5.3CVSS5.1AI score0.03012EPSS
Exploits1
Talos
Talos
added 2019/02/14 12:0 a.m.98 views

AutoDesk AutoCAD 2019 cell margin code execution vulnerability

Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file with too many cell margins populating an AcCellMargin object can cause a heap overflow, resulting in code execution. An attacker can provide a...

7.8CVSS8AI score0.01636EPSS
Exploits0
Talos
Talos
added 2018/04/09 12:0 a.m.98 views

Zabbix Server Config Proxy Request Information Disclosure Vulnerability

Summary An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make...

4.3CVSS3.8AI score0.03386EPSS
Exploits1
Talos
Talos
added 2016/10/25 12:0 a.m.98 views

LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability

Summary An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...

7CVSS8.6AI score0.04298EPSS
Exploits2
Talos
Talos
added 2022/07/27 12:0 a.m.97 views

DD-WRT httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions DD-WRT Revision 322...

9.8CVSS7.4AI score0.00993EPSS
Exploits1
Talos
Talos
added 2021/08/17 12:0 a.m.97 views

Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability

Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...

9.8CVSS9.3AI score0.01153EPSS
Exploits1
Talos
Talos
added 2020/12/09 12:0 a.m.97 views

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9.2AI score0.71145EPSS
Exploits1
Talos
Talos
added 2020/05/05 12:0 a.m.97 views

Windows 10 Insider Preview Fast win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability Regression

Summary A use after free vulnerability exists in Windows 10, Insider Preview Fast 10.0.19582.1001, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of...

7.8CVSS8.4AI score0.01055EPSS
Exploits0
Talos
Talos
added 2018/04/19 12:0 a.m.97 views

Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.9AI score0.0287EPSS
Exploits1
Talos
Talos
added 2021/02/24 12:0 a.m.96 views

CGAL libcgal multiple code execution vulnerabilities in Nef polygon-parsing code

Summary Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigg...

9.2AI score
Exploits0
Talos
Talos
added 2021/02/16 12:0 a.m.96 views

Advantech WebAccess/SCADA installation privilege escalation vulnerability

Summary Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Tested...

8.8CVSS9AI score0.00504EPSS
Exploits3
Talos
Talos
added 2019/10/23 12:0 a.m.97 views

X11 Mesa 3D Graphics Library shared memory permissions vulnerability

Summary An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Tested Versions Mesa 3D X11 Graphics library 19.1.2 Product URLs...

5.1CVSS4.8AI score0.00504EPSS
Exploits1
Total number of security vulnerabilities2224