Lucene search
K

2224 matches found

Talos
Talos
added 2022/06/30 12:0 a.m.61 views

Robustel R1510 clish art2 command execution vulnerability

Summary A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R1510 3.3.0...

9.8CVSS9.6AI score0.02776EPSS
Exploits1
Talos
Talos
added 2022/06/30 12:0 a.m.67 views

Robustel R1510 web_server action endpoints OS command injection vulnerabilities

Summary Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...

9.8CVSS10AI score0.04251EPSS
Exploits3
Talos
Talos
added 2022/06/30 12:0 a.m.46 views

Robustel R1510 web_server /action/remove/ API data removal vulnerability

Summary A data removal vulnerability exists in the webserver /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R151...

9.1CVSS8.9AI score0.35165EPSS
Exploits1
Talos
Talos
added 2022/06/15 12:0 a.m.34 views

Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability

Talos Vulnerability Report TALOS-2022-1440 Anker Eufy Homebase 2 mipscollector appsrvserver use-after-free vulnerability June 15, 2022 CVE Number CVE-2022-21806 SUMMARY A use-after-free vulnerability exists in the mipscollector appsrvserver functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

10CVSS9.6AI score0.02227EPSS
Exploits1
Talos
Talos
added 2022/06/15 12:0 a.m.58 views

Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability

Summary An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this...

5.9CVSS5.6AI score0.00437EPSS
Exploits0
Talos
Talos
added 2022/06/15 12:0 a.m.46 views

Blynk Blynk-Library BlynkConsole.h runCommand stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. Tested Versions Blynk -Libra...

9.8CVSS9.8AI score0.01942EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.30 views

Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...

7.5CVSS7.6AI score0.01641EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.66 views

Open Automation Software OAS Platform REST API unauthenticated vulnerability

Summary An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS9.3AI score0.37606EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.23 views

Open Automation Software Platform Engine SecureAddSecurity external config control vulnerability

Summary An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of...

7.5CVSS7.9AI score0.01208EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.35 views

Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability

Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...

7.5CVSS7.8AI score0.01093EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.75 views

Open Automation Software Platform Engine SecureTransferFiles file write vulnerability

Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS10AI score0.18607EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.43 views

Open Automation Software Platform Engine SecureConfigValues denial of service vulnerability

Summary A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...

7.5CVSS7.8AI score0.0114EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.27 views

Open Automation Software Platform Engine SecureAddUser External config control vulnerability

Summary An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests t...

7.5CVSS7.8AI score0.01208EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.46 views

Open Automation Software Platform Engine SecureTransferFiles information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger...

7.5CVSS6.4AI score0.01221EPSS
Exploits1
Talos
Talos
added 2022/05/17 12:0 a.m.37 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLINDEXRANGE functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

8.5CVSS8.5AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/17 12:0 a.m.35 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLRESOURCESTRUCTURED functionality of NVIDIA D3D10 Driver, version 496.76, 30.0.14.9676. A specially-crafted executable/shader file can lead to an out-of-bounds write. This vulnerability potentially could be triggered from guest...

8.5CVSS8.4AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/17 12:0 a.m.34 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader DCLUNORDEREDACCESSVIEWSTRUCTURED functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from gue...

8.5CVSS8.6AI score0.01492EPSS
Exploits0
Talos
Talos
added 2022/05/17 12:0 a.m.51 views

NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXABLE memory corruption vulnerability

Summary A memory corruption vulnerability exists in the shader dclindexable functionality of NVIDIA D3D10 Driver version 496.76, 30.0.14.9676. A specially-crafted executable / shader file can lead to memory corruption. This vulnerability potentially could be triggered from guest machines running...

9.9CVSS9.1AI score0.01034EPSS
Exploits0
Talos
Talos
added 2022/05/10 12:0 a.m.44 views

InHand Networks InRouter302 console factory OS command injection vulnerability

Summary An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand...

9.1CVSS7.5AI score0.05359EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.40 views

InHand Networks InRouter302 router configuration export information disclosure vulnerability

Summary An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions...

6.5CVSS6.3AI score0.00651EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.34 views

InHand Networks InRouter302 console factory stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Tested...

9.1CVSS7.7AI score0.03105EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.45 views

InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability

Summary An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.8AI score0.12477EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.35 views

InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability

Summary A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...

6.1CVSS6AI score0.01392EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.73 views

InHand Networks InRouter302 libnvram.so nvram_import improper input validation vulnerabilities

Summary Multiple improper input validation vulnerabilities exists in the libnvram.so nvramimport functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...

9.9CVSS9.3AI score0.03247EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.51 views

InHand Networks InRouter302 console infactory_wlan command injection vulnerability

Summary An OS command injection vulnerability exists in the console infactorywlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Test...

9.9CVSS8.9AI score0.05829EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.38 views

InHand Networks InRouter302 console inhand command execution vulnerability

Summary A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHan...

9.9CVSS8.8AI score0.026EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.40 views

InHand Networks InRouter302 iburn firmware checks firmware update vulnerability

Summary A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand Network...

9.9CVSS6.6AI score0.0125EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.31 views

InHand Networks InRouter302 router configuration import privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions InHand...

8.8CVSS8.2AI score0.01885EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.42 views

InHand Networks InRouter302 web interface session cookie information disclosure vulnerability

Summary An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...

7.5CVSS6.3AI score0.0099EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.37 views

InHand Networks InRouter302 httpd upload.cgi file write vulnerability

Summary A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Tested Versions InHand Networks...

9.9CVSS8.3AI score0.01741EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.24 views

InHand Networks InRouter302 httpd parse_ping_result API buffer overflow vulnerability

Summary A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand Networ...

8.2CVSS7.3AI score0.01256EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.32 views

InHand Networks InRouter302 console infactory_port OS command injection vulnerability

Summary An OS command injection vulnerability exists in the console infactoryport functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Test...

9.9CVSS8.8AI score0.05829EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.60 views

InHand Networks InRouter302 daretools binary OS command injection vulnerability

Summary An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions...

9.9CVSS9.1AI score0.08477EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.59 views

InHand Networks InRouter302 console infactory hard-coded password vulnerability

Summary A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...

8.8CVSS6.8AI score0.0107EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.39 views

ESTsoft Alyac PE section headers out of bounds read

Talos Vulnerability Report TALOS-2022-1452 ESTsoft Alyac PE section headers out of bounds read May 10, 2022 CVE Number CVE-2022-21147 SUMMARY An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this...

5.5CVSS5.3AI score0.00638EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.62 views

InHand Networks InRouter302 console infactory_net command injection vulnerability

Summary An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Teste...

9.9CVSS8.8AI score0.04774EPSS
Exploits1
Talos
Talos
added 2022/05/09 12:0 a.m.50 views

WPS Office HtmTableAlt use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in WPS Spreadsheets ET as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to...

8.8CVSS8.4AI score0.01273EPSS
Exploits0
Talos
Talos
added 2022/05/05 12:0 a.m.46 views

Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1480 Anker Eufy Homebase 2 libxmav.so DemuxCmdInBuffer buffer overflow vulnerability May 5, 2022 CVE Number CVE-2022-26073 SUMMARY A denial of service vulnerability exists in the libxmav.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

7.4CVSS7.1AI score0.0071EPSS
Exploits1
Talos
Talos
added 2022/05/05 12:0 a.m.46 views

Anker Eufy Homebase 2 libxm_av.so getpeermac() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2022-1479 Anker Eufy Homebase 2 libxmav.so getpeermac authentication bypass vulnerability May 5, 2022 CVE Number CVE-2022-25989 SUMMARY An authentication bypass vulnerability exists in the libxmav.so getpeermac functionality of Anker Eufy Homebase 2 2.1.8.5h. A...

8.8CVSS7.9AI score0.00989EPSS
Exploits1
Talos
Talos
added 2022/05/02 12:0 a.m.22 views

Accusoft ImageGear ioca_mys_rgb_allocate memory corruption vulnerability

Summary A memory corruption vulnerability exists in the iocamysrgballocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...

9.8CVSS7AI score0.01093EPSS
Exploits1
Talos
Talos
added 2022/05/02 12:0 a.m.55 views

Accusoft ImageGear IGXMPXMLParser::parseDelimiter stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information...

7.1CVSS7AI score0.00767EPSS
Exploits1
Talos
Talos
added 2022/04/14 12:0 a.m.45 views

ArduPilot APWeb cgi.c unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested...

9.8CVSS7.5AI score0.01684EPSS
Exploits1
Talos
Talos
added 2022/03/31 12:0 a.m.54 views

Accusoft ImageGear parse_raster_data out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the parserasterdata functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.10...

8.1CVSS7.9AI score0.00735EPSS
Exploits1
Talos
Talos
added 2022/03/23 12:0 a.m.50 views

Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1434 Sound Exchange libsox sphere.c startread heap-based buffer overflow vulnerability March 23, 2022 CVE Number CVE-2021-40426 SUMMARY A heap-based buffer overflow vulnerability exists in the sphere.c startread functionality of Sound Exchange libsox 14.4.2 a...

10CVSS8.9AI score0.02211EPSS
Exploits1
Talos
Talos
added 2022/03/15 12:0 a.m.67 views

Webroot Secure Anywhere IOCTL GetProcessCommand and B_03 out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Webroot Secure Anywhere 21.4 Produ...

6.7AI score
Exploits0
Talos
Talos
added 2022/03/15 12:0 a.m.46 views

Leadtools fltSaveCMP integer overflow vulnerability

Summary An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability. Tested Versions...

8.8CVSS8AI score0.00983EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.20 views

Lansweeper WebUserActions.aspx Stored XSS vulnerability

Summary A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. Tested...

9.1CVSS5.4AI score0.77778EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.37 views

Lansweeper lansweeper EchoAssets.aspx SQL injection vulnerability

Summary An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper lansweeper...

9.1CVSS8.7AI score0.72601EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.71 views

Swift Sensors Gateway device password generation authentication bypass vulnerability

Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...

10CVSS10AI score0.0581EPSS
Exploits1
Talos
Talos
added 2022/02/28 12:0 a.m.58 views

Lansweeper lansweeper AssetActions.aspx SQL injection vulnerability

Summary An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper lansweeper...

8.8CVSS7.9AI score0.71227EPSS
Exploits1
Total number of security vulnerabilities2224