2224 matches found
Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler-0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF...
InHand Networks InRouter302 console nvram leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1518 InHand Networks InRouter302 console nvram leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-29481 SUMMARY A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A...
Pixar OpenUSD binary file format compressed sections code execution vulnerabilities
Summary A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in remote code execution. To trigger this vulnerability, the victim needs to open a...
Synology SRM QuickConnect iptables network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...
Atlassian Jira Tempo plugin issue summary information disclosure vulnerability
Summary An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira Tempo Core syste...
Epignosis eFront LMS unauthenticated SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...
Python.org CPython X509 certificate parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using...
CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmym...
Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0015 Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3791 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the elementary video...
Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1370 Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability October 11, 2021 CVE Number CVE-2021-21941 SUMMARY A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A...
IOBit Advanced SystemCare ultimate privileged I/O write vulnerabilities
Summary A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. A specially crafted I/O request packet IRP can lead to privileged writes which can result in elevation of privileges of the current user. A...
Foxit Reader JavaScript remove template use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...
Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an...
MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability
Summary A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...
D-LINK DIR-3040 Libcli command injection vulnerability
Summary A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions D-LINK...
Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability
Summary A memory corruption vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger the use of an uninitialized stack variable which can lead to memory corruption and denial of service. This vulnerability can be triggered by sending a malicious packet t...
Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
OpenClinic GA installation privilege escalation vulnerability
Summary An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product URLs...
OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in the password reset functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability
Summary A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds...
ACD Systems Canvas Draw 5 Resolution_Set out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. Tested Versions Perceptive Document...
Hopper Disassembler ELF Section Header Size Code Execution Vulnerability
Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...
D-LINK DIR-3040 Syslog information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions D-LINK DIR-30...
3S CODESYS control authentication hard-coded encryption key vulnerability
Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...
LEADTOOLS TIF ImageWidth code execution vulnerability
Summary An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a...
Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability
Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the kind of firmware image that is...
NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions NZXT CAM 4.8...
Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities
Talos Vulnerability Report TALOS-2020-1106 Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities September 23, 2020 CVE Number CVE-2020-13501,CVE-2020-13499,CVE-2020-13500 SUMMARY Multiple SQL injection vulnerabilities exists in the CHaD.asmx web service...
GOG Galaxy Games fillProcessInformationForPids information leak vulnerability
Summary An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. Tested Versions Gog Galaxy...
ACD Systems Canvas Draw 5 IO metadata out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image t...
ERPNext SQL Injection Vulnerabilities
Summary Exploitable SQL injection vulnerabilities exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. Tested...
FreeRDP Rdp Client License Recv Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the...
Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
Talos Vulnerability Report TALOS-2015-0062 Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability October 21, 2015 CVE Number CVE-2015-7851 Description A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a...
Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1769 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability September 5, 2023 CVE Number CVE-2023-31242 SUMMARY An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platfor...
NZXT CAM WinRing0x64 Driver IRP 0x9c406104 information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
GOG Galaxy Games changeFolderPermissionsAtPath privilege escalation vulnerability
Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. Tested Versions Gog Galaxy 1.2....
Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability
Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...
Microsoft Windows CLIPSP.SYS License Update Field Type 0x20 out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1969 Microsoft Windows CLIPSP.SYS License Update Field Type 0x20 out-of-bounds read vulnerability August 13, 2024 CVE Number CVE-2024-38187 SUMMARY An out-of-bounds read vulnerability exists in the License Update Field Type 0x20 functionality of Microsoft...
WWBN AVideo ObjectYPT SQL injection vulnerability
Talos Vulnerability Report TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability August 16, 2022 CVE Number CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 SUMMARY A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit...
Rukovoditel Project Management App multiple SQL injection vulnerabilities in the 'entities/fields' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can b...
Mini-SNMPD decode_cnt information leak vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger th...
Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Apple macOS ImageIO DDS image out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the DDS image parsing functionality of ImageIO library on Apple macOS Big Sur 11.6.1 and iOS 15.1. A specially-crafted DDS file can disclose sensitive memory content which can aid in exploitation of other vulnerabilities. An attacker can deliv...
WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability
Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...
Kakadu Software SDK ATK marker code execution vulnerability
Summary An exploitable heap underflow vulnerability exists in the derivetapsandgains function in kduv7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim t...
VMware Workstation 15 pixel shader functionality denial of service vulnerability
Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest...
Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities
Summary Three exploitable command injection vulnerabilities exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...
Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability
Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the “sync” operation, leading to arbitrary deleti...