Lucene search
K
TalosMost viewed

2224 matches found

Talos
Talos
added 2017/07/07 12:0 a.m.88 views

Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability

Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF...

8.8CVSS8.4AI score0.02716EPSS
Exploits1
Talos
Talos
added 2022/10/27 12:0 a.m.87 views

InHand Networks InRouter302 console nvram leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1518 InHand Networks InRouter302 console nvram leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-29481 SUMMARY A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A...

6.5CVSS6.2AI score0.00765EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.87 views

Pixar OpenUSD binary file format compressed sections code execution vulnerabilities

Summary A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in remote code execution. To trigger this vulnerability, the victim needs to open a...

8.8CVSS7.9AI score0.01433EPSS
Exploits4
Talos
Talos
added 2020/10/29 12:0 a.m.87 views

Synology SRM QuickConnect iptables network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...

10CVSS8.3AI score0.01745EPSS
Exploits1
Talos
Talos
added 2019/09/16 12:0 a.m.87 views

Atlassian Jira Tempo plugin issue summary information disclosure vulnerability

Summary An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira Tempo Core syste...

4.3CVSS4.3AI score0.01123EPSS
Exploits1
Talos
Talos
added 2019/09/03 12:0 a.m.87 views

Epignosis eFront LMS unauthenticated SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...

6.5CVSS6.9AI score0.01025EPSS
Exploits1
Talos
Talos
added 2019/01/28 12:0 a.m.87 views

Python.org CPython X509 certificate parsing denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using...

7.5CVSS7.7AI score0.20743EPSS
Exploits1
Talos
Talos
added 2019/01/02 12:0 a.m.87 views

CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmym...

7.1CVSS6AI score0.00309EPSS
Exploits0
Talos
Talos
added 2015/08/13 12:0 a.m.87 views

Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0015 Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3791 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the elementary video...

6.8CVSS8.9AI score0.0364EPSS
Exploits0
Talos
Talos
added 2021/10/11 12:0 a.m.86 views

Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability

Talos Vulnerability Report TALOS-2021-1370 Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability October 11, 2021 CVE Number CVE-2021-21941 SUMMARY A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A...

10CVSS9.2AI score0.01625EPSS
Exploits1
Talos
Talos
added 2021/07/07 12:0 a.m.86 views

IOBit Advanced SystemCare ultimate privileged I/O write vulnerabilities

Summary A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. A specially crafted I/O request packet IRP can lead to privileged writes which can result in elevation of privileges of the current user. A...

8.8CVSS8.6AI score0.00338EPSS
Exploits3
Talos
Talos
added 2020/12/09 12:0 a.m.86 views

Foxit Reader JavaScript remove template use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

8.8CVSS8.6AI score0.02239EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.86 views

Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...

9.3CVSS8.9AI score0.10223EPSS
Exploits1
Talos
Talos
added 2019/04/25 12:0 a.m.86 views

Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an...

9CVSS9.2AI score0.27851EPSS
Exploits3
Talos
Talos
added 2022/02/28 12:0 a.m.85 views

MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability

Summary A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...

7.5CVSS7.5AI score0.01797EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.85 views

D-LINK DIR-3040 Libcli command injection vulnerability

Summary A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK...

9.1CVSS8.3AI score0.02886EPSS
Exploits2
Talos
Talos
added 2021/06/02 12:0 a.m.85 views

Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability

Summary A memory corruption vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger the use of an uninitialized stack variable which can lead to memory corruption and denial of service. This vulnerability can be triggered by sending a malicious packet t...

7.8CVSS8.7AI score0.03766EPSS
Exploits0
Talos
Talos
added 2021/04/21 12:0 a.m.85 views

Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS8AI score0.01436EPSS
Exploits1
Talos
Talos
added 2021/04/13 12:0 a.m.85 views

OpenClinic GA installation privilege escalation vulnerability

Summary An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product URLs...

8.8CVSS8AI score0.00763EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.85 views

OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities

Summary Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...

9.8CVSS9.9AI score0.02634EPSS
Exploits3
Talos
Talos
added 2019/05/14 12:0 a.m.85 views

Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability

Summary A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds...

8.8CVSS8.9AI score0.02866EPSS
Exploits1
Talos
Talos
added 2019/01/30 12:0 a.m.85 views

ACD Systems Canvas Draw 5 Resolution_Set out-of-bounds write code execution vulnerability

Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...

8.8CVSS8.1AI score0.02253EPSS
Exploits1
Talos
Talos
added 2018/04/26 12:0 a.m.85 views

Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. Tested Versions Perceptive Document...

8.8CVSS8.3AI score0.01926EPSS
Exploits2
Talos
Talos
added 2016/10/18 12:0 a.m.85 views

Hopper Disassembler ELF Section Header Size Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...

7.8CVSS0.5AI score0.01251EPSS
Exploits1
Talos
Talos
added 2021/07/15 12:0 a.m.84 views

D-LINK DIR-3040 Syslog information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions D-LINK DIR-30...

6.5CVSS4.8AI score0.36486EPSS
Exploits1
Talos
Talos
added 2020/03/25 12:0 a.m.84 views

3S CODESYS control authentication hard-coded encryption key vulnerability

Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...

0.4AI score
Exploits0
Talos
Talos
added 2019/11/05 12:0 a.m.84 views

LEADTOOLS TIF ImageWidth code execution vulnerability

Summary An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a...

8.8CVSS8.1AI score0.01996EPSS
Exploits1
Talos
Talos
added 2018/06/19 12:0 a.m.84 views

Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability

Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the kind of firmware image that is...

8.7CVSS7.5AI score0.00512EPSS
Exploits2
Talos
Talos
added 2020/12/16 12:0 a.m.83 views

NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions NZXT CAM 4.8...

8.8CVSS8.9AI score0.00566EPSS
Exploits2
Talos
Talos
added 2020/09/23 12:0 a.m.83 views

Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities

Talos Vulnerability Report TALOS-2020-1106 Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities September 23, 2020 CVE Number CVE-2020-13501,CVE-2020-13499,CVE-2020-13500 SUMMARY Multiple SQL injection vulnerabilities exists in the CHaD.asmx web service...

9.8CVSS10AI score0.02912EPSS
Exploits3
Talos
Talos
added 2019/03/26 12:0 a.m.83 views

GOG Galaxy Games fillProcessInformationForPids information leak vulnerability

Summary An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. Tested Versions Gog Galaxy...

6.2CVSS5.2AI score0.00357EPSS
Exploits0
Talos
Talos
added 2019/01/30 12:0 a.m.83 views

ACD Systems Canvas Draw 5 IO metadata out-of-bounds write code execution vulnerability

Summary An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image t...

8.8CVSS8AI score0.01846EPSS
Exploits1
Talos
Talos
added 2018/09/05 12:0 a.m.83 views

ERPNext SQL Injection Vulnerabilities

Summary Exploitable SQL injection vulnerabilities exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. Tested...

8.8CVSS7.5AI score0.00919EPSS
Exploits3
Talos
Talos
added 2017/07/24 12:0 a.m.83 views

FreeRDP Rdp Client License Recv Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the...

8.8CVSS7.6AI score0.01826EPSS
Exploits1
Talos
Talos
added 2015/10/21 12:0 a.m.83 views

Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability

Talos Vulnerability Report TALOS-2015-0062 Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability October 21, 2015 CVE Number CVE-2015-7851 Description A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a...

6.5CVSS7.6AI score0.03942EPSS
Exploits1
Talos
Talos
added 2023/09/05 12:0 a.m.82 views

Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1769 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability September 5, 2023 CVE Number CVE-2023-31242 SUMMARY An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platfor...

9.8CVSS9.2AI score0.03356EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.82 views

NZXT CAM WinRing0x64 Driver IRP 0x9c406104 information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

6.5CVSS5.5AI score0.00524EPSS
Exploits1
Talos
Talos
added 2019/03/26 12:0 a.m.82 views

GOG Galaxy Games changeFolderPermissionsAtPath privilege escalation vulnerability

Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. Tested Versions Gog Galaxy 1.2....

7.8CVSS7.4AI score0.00353EPSS
Exploits0
Talos
Talos
added 2018/12/17 12:0 a.m.82 views

Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability

Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...

9.3CVSS8.6AI score0.02546EPSS
Exploits1
Talos
Talos
added 2024/08/13 12:0 a.m.81 views

Microsoft Windows CLIPSP.SYS License Update Field Type 0x20 out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1969 Microsoft Windows CLIPSP.SYS License Update Field Type 0x20 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38187 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0x20 functionality of Microsoft...

7.8CVSS8.1AI score0.01114EPSS
Exploits0
Talos
Talos
added 2022/08/16 12:0 a.m.81 views

WWBN AVideo ObjectYPT SQL injection vulnerability

Talos Vulnerability Report TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability August 16, 2022 CVE Number CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 SUMMARY A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit...

8.8CVSS9AI score0.01636EPSS
Exploits0
Talos
Talos
added 2021/04/08 12:0 a.m.81 views

Rukovoditel Project Management App multiple SQL injection vulnerabilities in the 'entities/fields' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can b...

8.8CVSS6.4AI score0.00968EPSS
Exploits3
Talos
Talos
added 2020/02/03 12:0 a.m.81 views

Mini-SNMPD decode_cnt information leak vulnerability

Summary An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger th...

9.1CVSS8.9AI score0.02388EPSS
Exploits1
Talos
Talos
added 2019/12/02 12:0 a.m.81 views

Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.5AI score
Exploits0
Talos
Talos
added 2022/01/25 12:0 a.m.80 views

Apple macOS ImageIO DDS image out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the DDS image parsing functionality of ImageIO library on Apple macOS Big Sur 11.6.1 and iOS 15.1. A specially-crafted DDS file can disclose sensitive memory content which can aid in exploitation of other vulnerabilities. An attacker can deliv...

7.8CVSS7.7AI score0.04065EPSS
Exploits0
Talos
Talos
added 2020/03/09 12:0 a.m.80 views

WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability

Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...

9.1CVSS8.9AI score0.02672EPSS
Exploits1
Talos
Talos
added 2019/12/11 12:0 a.m.80 views

Kakadu Software SDK ATK marker code execution vulnerability

Summary An exploitable heap underflow vulnerability exists in the derivetapsandgains function in kduv7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim t...

8.8CVSS8.6AI score0.02435EPSS
Exploits0
Talos
Talos
added 2019/08/05 12:0 a.m.80 views

VMware Workstation 15 pixel shader functionality denial of service vulnerability

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest...

9.6CVSS8.8AI score0.01628EPSS
Exploits0
Talos
Talos
added 2018/12/03 12:0 a.m.80 views

Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities

Summary Three exploitable command injection vulnerabilities exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...

7.2CVSS7.7AI score0.7221EPSS
Exploits3
Talos
Talos
added 2018/07/26 12:0 a.m.80 views

Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability

Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the “sync” operation, leading to arbitrary deleti...

7.5CVSS7AI score0.00989EPSS
Exploits2
Total number of security vulnerabilities2224