2218 matches found
Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40969 SUMMARY An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1638 Siretta QUARTZ-GOLD m2m DELETEFILE cmd OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40222 SUMMARY An OS command injection vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-14102...
Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1615 Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-38066 SUMMARY An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1609 Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38088 SUMMARY A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
Siretta QUARTZ-GOLD m2m m2m_parse_router_config cmd OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2022-1640 Siretta QUARTZ-GOLD m2m m2mparserouterconfig cmd OS command injection vulnerabilities January 26, 2023 CVE Number CVE-2022-42492,CVE-2022-42491,CVE-2022-42493,CVE-2022-42490 SUMMARY Several OS command injection vulnerabilities exist in the m2m binary of...
Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability
Talos Vulnerability Report TALOS-2022-1611 Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability January 26, 2023 CVE Number CVE-2022-39045 SUMMARY A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HT...
Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1610 Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability January 26, 2023 CVE Number CVE-2022-38715 SUMMARY A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Siretta QUARTZ-GOLD m2m DELETE_FILE cmd directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1637 Siretta QUARTZ-GOLD m2m DELETEFILE cmd directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-41154 SUMMARY A directory traversal vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
FreshTomato httpd update.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1642 FreshTomato httpd update.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38451 SUMMARY A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can...
Ghost Foundation Ghost Post Creation insecure default installation vulnerability
Talos Vulnerability Report TALOS-2022-1686 Ghost Foundation Ghost Post Creation insecure default installation vulnerability January 19, 2023 CVE Number CVE-2022-47197,CVE-2022-47195,CVE-2022-47194,CVE-2022-47196 SUMMARY An insecure default vulnerability exists in the Post Creation functionality o...
Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1646 Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability January 18, 2023 CVE Number CVE-2022-40267 SUMMARY An authentication bypass vulnerability exists in the webserver session identifie...
Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1650 Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability January 12, 2023 CVE Number CVE-2022-43591 SUMMARY A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript...
Qt Project Qt QML QtScript Reflect API integer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1617 Qt Project Qt QML QtScript Reflect API integer overflow vulnerability January 12, 2023 CVE Number CVE-2022-40983 SUMMARY An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code...
Asus RT-AX82U cfg_server cm_processREQ_NC information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1590 Asus RT-AX82U cfgserver cmprocessREQNC information disclosure vulnerability January 10, 2023 CVE Number CVE-2022-38105 SUMMARY An information disclosure vulnerability exists in the cmprocessREQNC opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router’s...
Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1592 Asus RT-AX82U cfgserver cmprocessConnDiagPktList denial of service vulnerability January 10, 2023 CVE Number CVE-2022-38393 SUMMARY A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U...
Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1586 Asus RT-AX82U getIFTTTTtoken.cgi authentication bypass vulnerability January 10, 2023 CVE Number CVE-2022-35401 SUMMARY An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A...
OpenImageIO TGA Format Stack Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2022-1628 OpenImageIO TGA Format Stack Buffer Overflow Vulnerability December 22, 2022 CVE Number CVE-2022-41981 SUMMARY A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can...
OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1630 OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-38143 SUMMARY A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted...
OpenImageIO DDS native tile reading denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1635 OpenImageIO DDS native tile reading denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41999 SUMMARY A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and...
OpenImageIO Exif out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1636 OpenImageIO Exif out-of-bounds write vulnerability December 22, 2022 CVE Number CVE-2022-41837 SUMMARY An out-of-bounds write vulnerability exists in the OpenImageIO::addexifitemtospec functionality of OpenImageIO Project OpenImageIO v2.4.4.2...
OpenImageIO DDS scanline parsing code execution vulnerability
Talos Vulnerability Report TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability December 22, 2022 CVE Number CVE-2022-41838 SUMMARY A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A...
OpenImageIO TIFF file string field information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1627 OpenImageIO TIFF file string field information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41977 SUMMARY An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A...
OpenImageIO Project OpenImageIO DPXOutput::close() information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1651 OpenImageIO Project OpenImageIO DPXOutput::close information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-43592 SUMMARY An information disclosure vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project...
OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43594,CVE-2022-43595 SUMMARY Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...
OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1655 OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability December 22, 2022 CVE Number CVE-2022-43598,CVE-2022-43597 SUMMARY Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionali...
OpenImageIO TIFF IPTC decoding information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1643 OpenImageIO TIFF IPTC decoding information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41988 SUMMARY An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO...
OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43593 SUMMARY A denial of service vulnerability exists in the DPXOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.4....
OpenImageIO PSD thumbnail resource code execution vulnerability
Talos Vulnerability Report TALOS-2022-1626 OpenImageIO PSD thumbnail resource code execution vulnerability December 22, 2022 CVE Number CVE-2022-41794 SUMMARY A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted...
OpenImageIO TIFF file IPTC data information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1631 OpenImageIO TIFF file IPTC data information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41649 SUMMARY A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A...
OpenImageIO TIFF tile pels decoding heap-based buffer overflow
Talos Vulnerability Report TALOS-2022-1633 OpenImageIO TIFF tile pels decoding heap-based buffer overflow December 22, 2022 CVE Number CVE-2022-41639 SUMMARY A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and...
OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability
Talos Vulnerability Report TALOS-2022-1656 OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability December 22, 2022 CVE Number CVE-2022-43601,CVE-2022-43600,CVE-2022-43599,CVE-2022-43602 SUMMARY Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of...
OpenImageIO RLA format rle span out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2022-1629 OpenImageIO RLA format rle span out-of-bounds read vulnerability December 22, 2022 CVE Number CVE-2022-36354 SUMMARY A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More...
OpenImageIO PSD format image file directory denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1632 OpenImageIO PSD format image file directory denial of service vulnerability December 22, 2022 CVE Number CVE-2022-41684 SUMMARY A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory...
OpenImageIO Project OpenImageIO ZfileOutput::close() denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1657 OpenImageIO Project OpenImageIO ZfileOutput::close denial of service vulnerability December 22, 2022 CVE Number CVE-2022-43603 SUMMARY A denial of service vulnerability exists in the ZfileOutput::close functionality of OpenImageIO Project OpenImageIO...
OpenImageIO Project OpenImageIO IFFOutput channel interleaving information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1654 OpenImageIO Project OpenImageIO IFFOutput channel interleaving information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-43596 SUMMARY An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of...
Ghost user enumeration vulnerablity
Talos Vulnerability Report TALOS-2022-1625 Ghost user enumeration vulnerablity December 21, 2022 CVE Number CVE-2022-41697 SUMMARY A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
OpenStack Kolla sudo privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1589 OpenStack Kolla sudo privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38060 SUMMARY A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers...
OpenStack oslo.privsep privilege escalation vulnerability
Talos Vulnerability Report TALOS-2022-1599 OpenStack oslo.privsep privilege escalation vulnerability December 20, 2022 CVE Number CVE-2022-38065 SUMMARY A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive...
VMware vCenter Server Content Library denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1588 VMware vCenter Server Content Library denial of service vulnerability December 13, 2022 CVE Number CVE-2022-31698 SUMMARY A denial of service vulnerability exists in the Content Library functionality of VMware vCenter Server 6.5 Update 3t. A...
PowerISO VHD File Format parsing CXSPARSE record memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1644 PowerISO VHD File Format parsing CXSPARSE record memory corruption vulnerability December 7, 2022 CVE Number CVE-2022-41992 SUMMARY A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO...
NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1603 NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality MOV instruction index functionality of NVIDIA...
NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability
Talos Vulnerability Report TALOS-2022-1604 NVIDIA D3D10 Driver Shader Functionality DCLINDEXRANGE instruction memory corruption vulnerability December 6, 2022 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality DCLINDEXRANGE instruction...
Lansweeper lansweeper SanitizeHtml cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1541 Lansweeper lansweeper SanitizeHtml cross-site scripting XSS vulnerability December 1, 2022 CVE Number CVE-2022-32763 SUMMARY A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper...
Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1530 Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-29511 SUMMARY A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles...
Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability
Talos Vulnerability Report TALOS-2022-1532 Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability December 1, 2022 CVE Number CVE-2022-28703 SUMMARY A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages...
Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1528 Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-32573 SUMMARY A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A...
Lansweeper lansweeper HelpdeskActions.aspx edittemplate directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1529 Lansweeper lansweeper HelpdeskActions.aspx edittemplate directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-29517 SUMMARY A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper...
Lansweeper lansweeper TicketTemplateActions.aspx GetTemplateAttachment directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1531 Lansweeper lansweeper TicketTemplateActions.aspx GetTemplateAttachment directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-27498 SUMMARY A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment...
Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1647 Callback technologies CBFS Filter handleioctl83150 null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43588 SUMMARY A null pointer dereference vulnerability exists in the handleioctl83150 functionality of Callback technologies...