Lucene search
K

2224 matches found

Talos
Talos
added 2021/11/15 12:0 a.m.33 views

Lantronix PremierWave 2050 Web Manager FsBrowseClean stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...

9.3AI score
Exploits0
Talos
Talos
added 2021/11/15 12:0 a.m.42 views

Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities

Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

9.1CVSS10AI score0.02915EPSS
Exploits3
Talos
Talos
added 2021/11/15 12:0 a.m.29 views

Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability

Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

9.9CVSS9.9AI score0.06061EPSS
Exploits1
Talos
Talos
added 2021/11/09 12:0 a.m.23 views

Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1339 Microsoft Azure Sphere Kernel GPIOSETPINCONFIGIOCTL information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIOSETPINCONFIGIOCTL functionality of Microsoft Azure Sphere 21.06. A...

7.2AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.17 views

Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability

Summary A denial of service vulnerability exists in the Security Monitor SMSyscallCommitImageStaging stage-without-manifest functionality of Microsoft Azure Sphere 21.01. A specially crafted image package can lead to boot looping, requiring manual recovery. An attacker can flash a malicious image...

7AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.18 views

Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability

Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...

7AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.23 views

Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability

Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...

7.6AI score
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.31 views

Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability

Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...

6.7CVSS6.2AI score0.00547EPSS
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.21 views

Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability

Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...

4.4CVSS4.1AI score0.00728EPSS
Exploits0
Talos
Talos
added 2021/11/09 12:0 a.m.20 views

Microsoft Azure Sphere Kernel GPIO_GET_PIN_ACCESS_CONTROL_USER information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1340 Microsoft Azure Sphere Kernel GPIOGETPINACCESSCONTROLUSER information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIOGETPINACCESSCONTROLUSER functionality of Microsoft Azure...

7.1AI score
Exploits0
Talos
Talos
added 2021/11/04 12:0 a.m.23 views

Gerbv drill format T-code tool number out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...

10CVSS9.4AI score0.02916EPSS
Exploits1
Talos
Talos
added 2021/10/18 12:0 a.m.175 views

ZTE MF971R ADB_MODE_SWITCH stack-based buffer overflow vulnerability

Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow which can lead to remote code execution. An attacker needs to provide a URL to...

9.8CVSS9.9AI score0.0172EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.153 views

ZTE MF971R HTTP_HOST CRLF Injection vulnerability

Summary An exploitable CRLF injection vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a CRLF injection. An attacker needs to provide a URL to the victim to trigger the vulnerability. Tested Versions ZTE...

4.3CVSS5.2AI score0.00823EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.89 views

ZTE MF971R goform_get_cmd_process Config Control External config control vulnerability

Summary An exploitable Pre-Auth Configuration File Control vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a configuration file entry overwrite. An attacker needs to provide a URL to the victim to trigger the...

7.5CVSS7.9AI score0.00798EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.79 views

ZTE MF971R Referer authentication bypass vulnerability

Summary An exploitable Referer mitigation bypass vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can bypass Referer-based mitigation. An attacker needs to provide a URL to the victim to trigger the vulnerability. Teste...

4.3CVSS5.2AI score0.55709EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.58 views

ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability

Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow and leads to remote code execution. An attacker needs to provide a URL to the...

9.8CVSS10AI score0.01565EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.46 views

ZTE MF971R xmlclient cross-site scripting vulnerability

Summary An exploitable Cross-Site-Scripting XSS vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker...

6.1CVSS6.5AI score0.00562EPSS
Exploits0
Talos
Talos
added 2021/10/18 12:0 a.m.45 views

ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability

Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...

6.1CVSS6.6AI score0.00562EPSS
Exploits0
Talos
Talos
added 2021/10/13 12:0 a.m.52 views

Nitro Pro PDF JavaScript TimeOutObject double free vulnerability

Summary An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This...

8.8CVSS7.9AI score0.15046EPSS
Exploits1
Talos
Talos
added 2021/10/13 12:0 a.m.36 views

Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...

8.8CVSS8.1AI score0.15777EPSS
Exploits1
Talos
Talos
added 2021/10/12 12:0 a.m.74 views

Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability

Talos Vulnerability Report TALOS-2021-1259 Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability October 12, 2021 CVE Number CVE-2021-40474 Details Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-users. It...

7.8CVSS0.6AI score0.02194EPSS
Exploits0
Talos
Talos
added 2021/10/11 12:0 a.m.86 views

Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability

Talos Vulnerability Report TALOS-2021-1370 Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability October 11, 2021 CVE Number CVE-2021-21941 SUMMARY A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A...

10CVSS9.2AI score0.01625EPSS
Exploits1
Talos
Talos
added 2021/10/11 12:0 a.m.47 views

Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1369 Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability October 11, 2021 CVE Number CVE-2021-21940 SUMMARY A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase ...

10CVSS9.5AI score0.01292EPSS
Exploits1
Talos
Talos
added 2021/09/23 12:0 a.m.71 views

D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...

8.5AI score
Exploits0
Talos
Talos
added 2021/09/14 12:0 a.m.25 views

Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1309 Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability September 14, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallPeripheralAcquire...

7.7AI score
Exploits0
Talos
Talos
added 2021/09/13 12:0 a.m.54 views

Nitro Pro PDF JavaScript document.flattenPages JSStackFrame stack-based use-after-free vulnerability

Summary An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution...

8.8CVSS8AI score0.15613EPSS
Exploits1
Talos
Talos
added 2021/09/07 12:0 a.m.37 views

Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1346 Ribbonsoft dxflib DLDxf::handleLWPolylineData heap-based buffer overflow vulnerability September 7, 2021 CVE Number CVE-2021-21897 SUMMARY A code execution vulnerability exists in the DLDxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0....

8.8CVSS8.8AI score0.02885EPSS
Exploits1
Talos
Talos
added 2021/08/17 12:0 a.m.97 views

Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability

Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...

9.8CVSS9.3AI score0.01153EPSS
Exploits1
Talos
Talos
added 2021/08/16 12:0 a.m.123 views

GPAC Project Advanced Content MPEG-4 Decoding multiple integer truncation vulnerabilities

Summary Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes...

8.9AI score
Exploits0
Talos
Talos
added 2021/08/16 12:0 a.m.143 views

GPAC Project on Advanced Content library MPEG-4 Decoding multiple multiplication integer overflow vulnerabilities

Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow...

9AI score
Exploits0
Talos
Talos
added 2021/08/16 12:0 a.m.122 views

GPAC Project Advanced Content MPEG-4 Decoding multiple integer addition overflow vulnerabilities

Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer...

8.9AI score
Exploits0
Talos
Talos
added 2021/08/11 12:0 a.m.45 views

AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability

Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...

9.8CVSS9.1AI score0.01136EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.62 views

AT&T Labs Xmill multiple command line parsing vulnerabilities

Summary Multiple stack-based buffer overflow vulnerabilities exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. A specially crafted command-line argument can lead to code execution. An attacker can provide malicious input to trigger these vulnerabilities. Test...

7.8CVSS8.3AI score0.00333EPSS
Exploits2
Talos
Talos
added 2021/08/10 12:0 a.m.64 views

AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities

Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...

8.7AI score
Exploits0
Talos
Talos
added 2021/08/10 12:0 a.m.24 views

Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability

Talos Vulnerability Report TALOS-2021-1310 Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability August 10, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallWriteBlockToStageImage...

6.4AI score
Exploits0
Talos
Talos
added 2021/08/10 12:0 a.m.50 views

AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.3AI score0.02545EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.118 views

Mozilla Firefox MediaCacheStream::NotifyDataReceived use-after-free vulnerability

Summary A potential remote code execution vulnerability exists in the MediaCacheStream::NotifyDataReceived method of Mozilla Firefox 89.0.3 x64. A specially-crafted web page can cause a use-after-free vulnerability potentially resulting in a code execution. A victim needs to visit a malicious...

8.8CVSS9.2AI score0.01451EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.93 views

Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability

Talos Vulnerability Report TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTIONABIDepends denial of service vulnerability August 10, 2021 CVE Number None SUMMARY A denial of service vulnerability exists in the Security Monitor SECTIONABIDepends functionality of Microsoft Azure Sphere...

7.2AI score
Exploits0
Talos
Talos
added 2021/08/10 12:0 a.m.39 views

AT&T Labs Xmill XML parsing ParseAttribs memory corruption vulnerability

Summary A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0.7...

9.8CVSS9.3AI score0.01136EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.42 views

AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...

9.8CVSS9.1AI score0.02274EPSS
Exploits1
Talos
Talos
added 2021/08/10 12:0 a.m.55 views

AT&T Labs Xmill XML decompression PlainTextUncompressor::UncompressItem heap-based buffer overflow vulnerability

Summary A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.2AI score0.02274EPSS
Exploits1
Talos
Talos
added 2021/07/30 12:0 a.m.76 views

tinyobjloader LoadObj improper array index validation vulnerability

Summary An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Teste...

9.6CVSS8.5AI score0.0188EPSS
Exploits1
Talos
Talos
added 2021/07/27 12:0 a.m.159 views

Foxit Reader removeField use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9AI score0.04546EPSS
Exploits1
Talos
Talos
added 2021/07/27 12:0 a.m.65 views

Foxit Reader Field OnFocus event use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9.1AI score0.019EPSS
Exploits1
Talos
Talos
added 2021/07/27 12:0 a.m.90 views

Foxit Reader FileAttachment annotation use-after-free vulnerability redux

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...

8.8CVSS8.8AI score0.01765EPSS
Exploits1
Talos
Talos
added 2021/07/26 12:0 a.m.60 views

CODESYS Development System Engine.plugin ProfileInformation ProfileData Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...

8.8CVSS8AI score0.01769EPSS
Exploits1
Talos
Talos
added 2021/07/26 12:0 a.m.75 views

CODESYS Development System ComponentModel ComponentManager.StartupCultureSettings Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious fi...

7.8CVSS7.8AI score0.01727EPSS
Exploits1
Talos
Talos
added 2021/07/26 12:0 a.m.110 views

CODESYS Development System ObjectManager.plugin ProfileInformation.ProfileData Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file ...

8.8CVSS8AI score0.01671EPSS
Exploits1
Talos
Talos
added 2021/07/26 12:0 a.m.69 views

CODESYS Development System ComponentModel Profile.FromFile() Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...

8.8CVSS8AI score0.01219EPSS
Exploits0
Talos
Talos
added 2021/07/26 12:0 a.m.78 views

CODESYS Development System ObjectManager.plugin Project.get_MissingTypes() Unsafe Deserialization vulnerability

Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.getMissingTypes functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...

8.8CVSS8AI score0.01607EPSS
Exploits1
Total number of security vulnerabilities2224