2224 matches found
Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...
Advantech SQ Manager Server 1.0.6 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Advantech SQ...
Adobe Acrobat Reader Javascript event.richValue use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way certain events are handled in Adobe Acrobat Reader 21.007.20091. A specially-crafted javascript code can exploit a use-after-free vulnerability which can lead to arbitrary code execution. User would need to open a malicious file to trigger...
Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability
Summary An integer overflow vulnerability exists in the way Adobe Acrobat Reader DC 2021.007.20099 supports annotation interactions through JavaScript. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious...
AnyCubic Chitubox AnyCubic Plugin readDatHeadVec heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AnyCubi...
Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability
Summary A memory corruption vulnerability exists in the WebRTC functionality of Google Chrome 92.0.4515.159 Stable and 95.0.4623.0 Canary. A specially-crafted web page can trigger this vulnerability, which can cause a heap buffer overflow and result in remote code execution. Victim would need to...
Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...
Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...
Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities
Summary Two stack-based buffer overflow vulnerabilities exist in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Convincing the system to call readfile on a specially-crafted file can lead to stack-based buffer overflows. An attacke...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability
Summary When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an...
Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities
Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability
Summary When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...
Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...
Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability
Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...
Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability
Summary An integer overflow vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious fi...
Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a maliciou...
Dream Report ODS Remote Connector privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
Google Chrome Blink setBaseAndExtent use after free vulnerability
Summary A use-after-free vulnerability exists in the Selection API of Blink rendering engine in Google Chrome 92.0.4515.131 Stable and 94.0.4597.1 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to vis...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1379 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETRSAKEYREQUEST authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21952 SUMMARY An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the...
Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1380 Anker Eufy Homebase 2 homesecurity processmsg authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21953 SUMMARY An authentication bypass vulnerability exists in the processmsg function of the homesecurity binary of Anker Eufy Homeba...
Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1382 Anker Eufy Homebase 2 homesecurity getaeskeyinfobypacketid authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21955 SUMMARY An authentication bypass vulnerability exists in the getaeskeyinfobypacketid function of the homesecurity...
Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability
Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 homesecurity wificountrycodeupdate command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1378 Anker Eufy Homebase 2 homesecurity CMDDEVICEGETSERVERLISTREQUEST out-of-bounds write vulnerability November 29, 2021 CVE Number CVE-2021-21950,CVE-2021-21951 SUMMARY An out-of-bounds write vulnerability exists in the CMDDEVICEGETSERVERLISTREQUEST...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘companylist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘userlist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities with the administrativ...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'device_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘devicelist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
Advantech R-SeeNet installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability
Summary A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.8 and 5.9. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'group_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...
LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType use-after-free vulnerability November 17, 2021 CVE Number CVE-2021-21900 SUMMARY A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A...
LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18 out-of-bounds write vulnerability November 17, 2021 CVE Number CVE-2021-21898 SUMMARY A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw...
Google Chrome WebRTC addIceCandidate use after free vulnerability
Summary A use after free vulnerability exists in the WebRTC functionality of Google Chrome 91.0.4472.114 Stable and 93.0.4575.0 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to visit a malicious...
Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability
Talos Vulnerability Report TALOS-2021-1332 Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability November 15, 2021 CVE Number CVE-2021-21888 Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of...
Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...
Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...
Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsMove directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsBrowseClean directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4. Specially-crafted HTTP requests can lead to arbitrary command execution. An attacker can make authenticated HTTP requests to trigger these vulnerabilities...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager FSBrowsePage directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager Applications and FsBrowse local file inclusion vulnerability
Summary A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...