Lucene search
K

2224 matches found

Talos
Talos
added 2021/01/26 12:0 a.m.56 views

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

8.6CVSS7.6AI score0.02612EPSS
Exploits1
Talos
Talos
added 2021/01/26 12:0 a.m.128 views

Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

8.6CVSS7.6AI score0.01881EPSS
Exploits1
Talos
Talos
added 2021/01/11 12:0 a.m.54 views

FreyrSCADA IEC-60879-5-104 server simulator traffic logging denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions FreyrSCA...

7.2AI score
Exploits0
Talos
Talos
added 2021/01/07 12:0 a.m.104 views

Rockwell Automation RSLinx classic ethernet/IP server denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this...

7.5CVSS7.5AI score0.03388EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.163 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.3AI score0.03023EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.70 views

Genivia gSOAP WS-Addressing plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product UR...

7.5CVSS8.3AI score0.02267EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.166 views

SoftMaker Office TextMaker Document Record 0x002a integer overflow vulnerability

Summary An exploitable integer overflow vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this...

8.8CVSS8AI score0.01397EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.174 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.2AI score0.03023EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.171 views

SoftMaker Office TextMaker Document Record 0x003f integer conversion vulnerability

Summary An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this...

8.8CVSS7.9AI score0.01581EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.172 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product URLs...

7.5CVSS8.3AI score0.03023EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.168 views

Genivia gSOAP WS-Addressing plugin code execution vulnerability

Summary A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Genivia gSOAP 2.8.107 Product...

9.8CVSS10AI score0.0586EPSS
Exploits1
Talos
Talos
added 2021/01/05 12:0 a.m.169 views

SoftMaker Office TextMaker Document Record 0x001f sign-extension vulnerability

Summary An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the...

8.8CVSS7.8AI score0.01581EPSS
Exploits1
Talos
Talos
added 2021/01/04 12:0 a.m.69 views

Win-911 Enterprise Platform privilege escalation vulnerability

Summary Multiple exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when...

9.3CVSS8.2AI score0.00588EPSS
Exploits2
Talos
Talos
added 2021/01/04 12:0 a.m.38 views

Win-911 mobile server platform privilege escalation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...

9.3CVSS9.2AI score0.00608EPSS
Exploits1
Talos
Talos
added 2020/12/18 12:0 a.m.37 views

Microsoft Azure Sphere networkd mdns denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the networkd mDNS functionality of Microsoft Azure Sphere 20.07. A specific bind call can cause a denial of service, requiring manual recovery. An attacker can bind to port 5353 to trigger this vulnerability. Tested Versions Microsoft Azure Sphe...

7.5AI score
Exploits0
Talos
Talos
added 2020/12/16 12:0 a.m.63 views

NZXT CAM WinRing0x64 Driver Privileged I/O Write IRPs Privilege Escalation Vulnerability

Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions...

8.8CVSS8.7AI score0.00527EPSS
Exploits3
Talos
Talos
added 2020/12/16 12:0 a.m.66 views

NZXT CAM WinRing0x64 driver IRP 0x9c406144 information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

6.5CVSS6.4AI score0.00509EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.209 views

Kepware LinkMaster Service privilege escalation vulnerability

Talos Vulnerability Report TALOS-2020-1147 Kepware LinkMaster Service privilege escalation vulnerability December 16, 2020 CVE Number CVE-2020-13535 Summary A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite...

9.3CVSS8.1AI score0.0066EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.54 views

Lantronix XPort EDGE Web Manager CSRF vulnerability

Summary An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Test...

4.8CVSS5.1AI score0.00589EPSS
Exploits0
Talos
Talos
added 2020/12/16 12:0 a.m.61 views

NZXT CAM WinRing0x64 driver IRP 0x9c40a148 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

8.8CVSS8.9AI score0.00527EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.76 views

NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

6.5CVSS6.4AI score0.00509EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.60 views

NZXT CAM WinRing0x64 driver privileged I/O read IRPs information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this...

6.5CVSS6.2AI score0.00509EPSS
Exploits3
Talos
Talos
added 2020/12/16 12:0 a.m.82 views

NZXT CAM WinRing0x64 Driver IRP 0x9c406104 information disclosure vulnerability

Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...

6.5CVSS5.5AI score0.00524EPSS
Exploits1
Talos
Talos
added 2020/12/16 12:0 a.m.51 views

Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability

Summary An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this...

5.3CVSS4.3AI score0.02933EPSS
Exploits0
Talos
Talos
added 2020/12/16 12:0 a.m.83 views

NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions NZXT CAM 4.8...

8.8CVSS8.9AI score0.00566EPSS
Exploits2
Talos
Talos
added 2020/12/09 12:0 a.m.33 views

Foxit Reader JavaScript choice field format event use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9.2AI score0.02929EPSS
Exploits1
Talos
Talos
added 2020/12/09 12:0 a.m.121 views

Foxit Reader JavaScript media openPlayer type confusion vulnerability

Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...

8.8CVSS9AI score0.02869EPSS
Exploits1
Talos
Talos
added 2020/12/09 12:0 a.m.98 views

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS9.2AI score0.71145EPSS
Exploits1
Talos
Talos
added 2020/12/09 12:0 a.m.54 views

Foxit Reader Javascript Field fileSelect Use After Free Vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

8.8CVSS8.7AI score0.66678EPSS
Exploits1
Talos
Talos
added 2020/12/09 12:0 a.m.87 views

Foxit Reader JavaScript remove template use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

8.8CVSS8.6AI score0.02239EPSS
Exploits1
Talos
Talos
added 2020/12/08 12:0 a.m.90 views

Microsoft Office ElementType code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in Excel as part of Microsoft Office 365 ProPlus x86, version 2002, build 12527.20988. A specially crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to...

9.3CVSS7.9AI score0.03568EPSS
Exploits0
Talos
Talos
added 2020/12/08 12:0 a.m.245 views

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability

Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...

7.5CVSS8.1AI score0.01882EPSS
Exploits1
Talos
Talos
added 2020/12/08 12:0 a.m.112 views

Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability

Summary A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a...

8.6CVSS8.8AI score0.01387EPSS
Exploits0
Talos
Talos
added 2020/12/02 12:0 a.m.115 views

EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests ...

7.5CVSS7.7AI score0.02063EPSS
Exploits1
Talos
Talos
added 2020/12/02 12:0 a.m.55 views

EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability

Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS9.6AI score0.04519EPSS
Exploits1
Talos
Talos
added 2020/11/30 12:0 a.m.72 views

Webkit WebSocket code execution vulnerability

Summary A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...

8.8CVSS9AI score0.03266EPSS
Exploits1
Talos
Talos
added 2020/11/30 12:0 a.m.76 views

Webkit ImageDecoderGStreamer use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Tested...

8.8CVSS9.1AI score0.04446EPSS
Exploits1
Talos
Talos
added 2020/11/17 12:0 a.m.118 views

ProcessMaker sort parameter multiple SQL Injection Vulnerabilities

Summary Multiple SQL injection vulnerabilities exist in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions ProcessMaker 3.4.11...

8.8CVSS8.2AI score0.01682EPSS
Exploits2
Talos
Talos
added 2020/11/12 12:0 a.m.117 views

Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...

8.8CVSS7.8AI score0.02558EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.63 views

Pixar OpenUSD binary file format offset seek information leak vulnerability

Summary An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used...

9.3CVSS7.2AI score0.01864EPSS
Exploits0
Talos
Talos
added 2020/11/12 12:0 a.m.125 views

Pixar OpenUSD Binary File Format Decompressed Path Rebuilding Memory corruption

Summary An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability,...

8.8CVSS8AI score0.02023EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.127 views

Pixar OpenUSD SDF layer path remote code execution

Summary A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the...

8.8CVSS8.5AI score0.02682EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.49 views

Pixar OpenUSD binary file format specs memory corruption

Summary An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, t...

6.3CVSS6.7AI score0.00817EPSS
Exploits1
Talos
Talos
added 2020/11/12 12:0 a.m.87 views

Pixar OpenUSD binary file format compressed sections code execution vulnerabilities

Summary A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in remote code execution. To trigger this vulnerability, the victim needs to open a...

8.8CVSS7.9AI score0.01433EPSS
Exploits4
Talos
Talos
added 2020/11/12 12:0 a.m.153 views

Pixar OpenUSD binary file format index type values information leak vulnerability

Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain...

6.5CVSS4.9AI score0.0168EPSS
Exploits3
Talos
Talos
added 2020/11/12 12:0 a.m.43 views

Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This...

5.5CVSS4.8AI score0.01164EPSS
Exploits1
Talos
Talos
added 2020/11/10 12:0 a.m.32 views

LogicalDoc installation privilege escalation vulnerability

Summary A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executi...

9.3CVSS8.2AI score0.00603EPSS
Exploits1
Talos
Talos
added 2020/11/06 12:0 a.m.42 views

BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability

Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...

8.8CVSS8.2AI score0.01103EPSS
Exploits1
Talos
Talos
added 2020/11/05 12:0 a.m.42 views

Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux

Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...

7.8CVSS7.9AI score0.51275EPSS
Exploits0
Talos
Talos
added 2020/11/05 12:0 a.m.35 views

Adobe Acrobat Reader DC form field format use after free

Talos Vulnerability Report TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free November 5, 2020 CVE Number CVE-2020-24437 SUMMARY A specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader D...

7.8CVSS7.7AI score0.45125EPSS
Exploits0
Total number of security vulnerabilities2224