2224 matches found
Lantronix PremierWave 2050 Web Manager FsBrowseClean stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1339 Microsoft Azure Sphere Kernel GPIOSETPINCONFIGIOCTL information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIOSETPINCONFIGIOCTL functionality of Microsoft Azure Sphere 21.06. A...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability
Summary A denial of service vulnerability exists in the Security Monitor SMSyscallCommitImageStaging stage-without-manifest functionality of Microsoft Azure Sphere 21.01. A specially crafted image package can lead to boot looping, requiring manual recovery. An attacker can flash a malicious image...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability
Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...
Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability
Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere Kernel GPIO_GET_PIN_ACCESS_CONTROL_USER information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1340 Microsoft Azure Sphere Kernel GPIOGETPINACCESSCONTROLUSER information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIOGETPINACCESSCONTROLUSER functionality of Microsoft Azure...
Gerbv drill format T-code tool number out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...
ZTE MF971R ADB_MODE_SWITCH stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow which can lead to remote code execution. An attacker needs to provide a URL to...
ZTE MF971R HTTP_HOST CRLF Injection vulnerability
Summary An exploitable CRLF injection vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a CRLF injection. An attacker needs to provide a URL to the victim to trigger the vulnerability. Tested Versions ZTE...
ZTE MF971R goform_get_cmd_process Config Control External config control vulnerability
Summary An exploitable Pre-Auth Configuration File Control vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a configuration file entry overwrite. An attacker needs to provide a URL to the victim to trigger the...
ZTE MF971R Referer authentication bypass vulnerability
Summary An exploitable Referer mitigation bypass vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can bypass Referer-based mitigation. An attacker needs to provide a URL to the victim to trigger the vulnerability. Teste...
ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow and leads to remote code execution. An attacker needs to provide a URL to the...
ZTE MF971R xmlclient cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting XSS vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker...
ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...
Nitro Pro PDF JavaScript TimeOutObject double free vulnerability
Summary An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This...
Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...
Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability
Talos Vulnerability Report TALOS-2021-1259 Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability October 12, 2021 CVE Number CVE-2021-40474 Details Microsoft Office is a suite of tools used for productivity in both a corporate environment as well as by end-users. It...
Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1370 Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability October 11, 2021 CVE Number CVE-2021-21941 SUMMARY A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A...
Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1369 Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability October 11, 2021 CVE Number CVE-2021-21940 SUMMARY A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase ...
D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...
Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1309 Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability September 14, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallPeripheralAcquire...
Nitro Pro PDF JavaScript document.flattenPages JSStackFrame stack-based use-after-free vulnerability
Summary An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution...
Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1346 Ribbonsoft dxflib DLDxf::handleLWPolylineData heap-based buffer overflow vulnerability September 7, 2021 CVE Number CVE-2021-21897 SUMMARY A code execution vulnerability exists in the DLDxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0....
Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability
Summary A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Disc Soft...
GPAC Project Advanced Content MPEG-4 Decoding multiple integer truncation vulnerabilities
Summary Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes...
GPAC Project Advanced Content MPEG-4 Decoding multiple integer addition overflow vulnerabilities
Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer...
GPAC Project on Advanced Content library MPEG-4 Decoding multiple multiplication integer overflow vulnerabilities
Summary Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow...
AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...
AT&T Labs Xmill multiple command line parsing vulnerabilities
Summary Multiple stack-based buffer overflow vulnerabilities exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. A specially crafted command-line argument can lead to code execution. An attacker can provide malicious input to trigger these vulnerabilities. Test...
AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities
Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...
Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1310 Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability August 10, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the Security Monitor SMSyscallWriteBlockToStageImage...
AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
AT&T Labs Xmill XML decompression PlainTextUncompressor::UncompressItem heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Mozilla Firefox MediaCacheStream::NotifyDataReceived use-after-free vulnerability
Summary A potential remote code execution vulnerability exists in the MediaCacheStream::NotifyDataReceived method of Mozilla Firefox 89.0.3 x64. A specially-crafted web page can cause a use-after-free vulnerability potentially resulting in a code execution. A victim needs to visit a malicious...
Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability
Talos Vulnerability Report TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTIONABIDepends denial of service vulnerability August 10, 2021 CVE Number None SUMMARY A denial of service vulnerability exists in the Security Monitor SECTIONABIDepends functionality of Microsoft Azure Sphere...
AT&T Labs Xmill XML parsing ParseAttribs memory corruption vulnerability
Summary A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0.7...
AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T La...
tinyobjloader LoadObj improper array index validation vulnerability
Summary An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Teste...
Foxit Reader removeField use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader Field OnFocus event use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader FileAttachment annotation use-after-free vulnerability redux
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...
CODESYS Development System Engine.plugin ProfileInformation ProfileData Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...
CODESYS Development System ComponentModel ComponentManager.StartupCultureSettings Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious fi...
CODESYS Development System ObjectManager.plugin ProfileInformation.ProfileData Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file ...
CODESYS Development System ComponentModel Profile.FromFile() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
CODESYS Development System ObjectManager.plugin Project.get_MissingTypes() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.getMissingTypes functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...