2205 matches found
Komoot GmbH Komoot Friend finder information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1288 Komoot GmbH Komoot Friend finder information disclosure vulnerability June 9, 2021 CVE Number CVE-2021-21823 Summary An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A special...
Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability
Summary A code execution vulnerability exists in the WebAudio blink::AudioNodeOutput::Pull functionality of Google Chrome 90.0.4405.0 Build 64-bit and 88.0.4324.146 Official version 64-bit. A specially crafted web page can lead to use after free. An attacker could exploit this vulnerability by...
Apple macOS SMB server lock request infinite loop
Summary A resource exhaustion vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an infinite loop which leads to maximum CPU utilization and denial of service. This vulnerability can be triggered by sending a malicious packet to the vulnerable...
Webkit ImageLoader dispatchPendingErrorEvent use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be...
Apple macOS SMB server directory query request integer overflow vulnerability
Summary A memory corruption vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can trigger an integer overflow when handling directory query requests which can result in memory corruption, potentially leading to remote code execution and denial of service...
Webkit WebCore::GraphicsContext use-after-free vulnerability
Summary A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger...
Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability
Summary A memory corruption vulnerability exists in the SMB Server on Apple macOS 11.1. A specially crafted SMB packet can trigger the use of an uninitialized stack variable which can lead to memory corruption and denial of service. This vulnerability can be triggered by sending a malicious packet t...
Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability
Summary A remote code execution vulnerability exists in the SMB Server on Apple macOS 10.15.7. A specially crafted SMB packet can trigger a stack-based buffer overflow, which can lead to arbitrary code execution and denial of service. This vulnerability can be triggered by sending a malicious packet...
Apple macOS SMB server create file request uninitialized memory disclosure
Summary A use of uninitialized data vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in the server reply, which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...
Apple macOS SMB server directory query arbitrary file access
Summary An arbitrary file access vulnerability exists in the SMB Server on Apple macOS 11.2. A specially crafted SMB request can leak metadata of arbitrary files. This vulnerability can be triggered by sending a malicious packet to the vulnerable server. Tested Versions Apple macOS 11.2 Product URLs...
Accusoft ImageGear JPG sof_nb_comp header processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Accusoft ImageGear PDF process_fontname stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear...
Accusoft ImageGear JPG Handle_JPEG420 out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft ImageGear 19.9...
Accusoft ImageGear DICOM parse_dicom_meta_info integer overflow vulnerability
Summary An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Accusoft ImageGear PNG png_palette_process memory corruption vulnerability
Summary A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. Tested Versions Accusoft ImageGear...
Accusoft ImageGear TIF bits_per_sample processing out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Accusoft...
Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability
Summary An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
Linux Kernel Arm SIGPAGE information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1243 Linux Kernel Arm SIGPAGE information disclosure vulnerability May 28, 2021 CVE Number CVE-2021-21781 SUMMARY An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...
Trend Micro Inc. Home Network Security SFTP log collection server hard-coded password vulnerability
Summary A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend Micro Inc.’s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerabilit...
Trend Micro, Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the tdts.ko chrdev_ioctl_handle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend...
Trend Micro Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the tdts.ko chrdev_ioctl_handle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend Micro,...
Google Chrome AudioDelayDSPKernel::ProcessKRate heap-based buffer overflow vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the Google Chromium browser affecting at least versions 89.0.4383.0 64-bit and 90.0.4390.0 64-bit. A specially crafted HTML web page can cause a heap-based buffer overflow condition, resulting in remote code execution. Th...
Apple macOS SMB server signature verification information disclosure vulnerability
Summary An information disclosure vulnerability exists in the SMB Server on Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...
Adobe Acrobat Reader DC JavaScript search query code execution vulnerability
Summary A use-after-free vulnerability exists in the way Adobe Acrobat Reader DC 2020.013.20074 executes search queries through JavaScript. A specially crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to...
Foxit Reader FileAttachment annotation use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...
Systemd DHCP client denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the...
MZ Automation GmbH lib60870.NET ASDU message processing denial of service vulnerability
Summary A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability. Tested...
Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability
Talos Vulnerability Report TALOS-2021-1239 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31517 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing functionality of Trend Micro Inc.’s...
Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability
Talos Vulnerability Report TALOS-2021-1240 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability April 22, 2021 CVE Number CVE-2021-31518 SUMMARY A denial-of-service vulnerability exists in the tdts.ko TRF file-parsing function of Trend Micro Inc.’s Home...
Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Obj.cpp load_obj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Synology DSM synoagentregisterd server finder out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the synoagentregisterd server finder functionality of Synology DSM 6.2.3 25426 DS120j. A specially crafted HTTP response can lead to remote code execution. An attacker can use man-in-the-middle techniques to trigger this vulnerability. Tested...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...
Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability
Summary An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...
OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'listImmoLabels.jsp' page
Summary A number of exploitable SQL injection vulnerabilities exist in the ‘listImmoLabels.jsp’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...
OpenClinic GA unauthenticated command injection vulnerability
Summary An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing a specific parameter to trigger this vulnerability, potentially...
OpenClinic GA web portal SQL injection vulnerability in 'statistics/quickFile.jsp' page
Summary An exploitable SQL injection vulnerability exists in the ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product...
Microsoft Azure Sphere Kernel pwm_ioctl_apply_state kfree() code execution vulnerability
Summary A code execution vulnerability exists in the kernel pwm_ioctl_apply_state functionality of Microsoft Azure Sphere 21.01. A specially crafted ioctl can lead to arbitrary kfree. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Microsoft Azure Sphere 21.01 Product...
OpenClinic GA installation privilege escalation vulnerability
Summary An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product URLs...
OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page
Summary An exploitable SQL injection vulnerability exists in the ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
OpenClinic GA web portal multiple SQL injection vulnerabilities in 'patientslist.do' page
Summary A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere mount namespace unsigned code execution vulnerability
Summary An unsigned code execution vulnerability exists in the mount namespace functionality of Microsoft Azure Sphere 21.01. A specially crafted shellcode could allow an adversary to execute an arbitrary binary in a tmpfs mount, leading to unsigned code execution. An attacker can switch to a new...
Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability
Summary A code execution vulnerability exists in the mqueue inode initialization functionality of Microsoft Azure Sphere 21.01. A specially crafted set of syscalls can lead to uninitialized kernel read, which in turn leads to code execution in kernel. To trigger this vulnerability, an attacker ca...
Rukovoditel Project Management App application SQL injection vulnerability in the 'global_lists/choices' page
Summary An exploitable SQL injection vulnerability exists in the ‘global_lists/choices’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done...
Rukovoditel Project Management App SQL injection vulnerability in the 'forms_fields_rules/rules' page
Summary An exploitable SQL injection vulnerability exists in the ‘forms_fields_rules/rules’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...
Dream Report platform privilege escalation vulnerability
Summary Multiple privilege escalation vulnerabilities exist in Dream Report 5 R20-2. A specially crafted executable can cause elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Dream Report 5 R20-2 Product URLs https://dreamreport.net/...