NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability
Summary An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this...
NZXT CAM WinRing0x64 driver IRP 0x9c406144 information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Tested...
NZXT CAM WinRing0x64 Driver Privileged I/O Write IRPs Privilege Escalation Vulnerability
Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions...
NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Tested Versions NZXT CAM 4.8...
NZXT CAM WinRing0x64 driver privileged I/O read IRPs information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this...
Foxit Reader JavaScript choice field format event use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader JavaScript remove template use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...
Foxit Reader JavaScript media openPlayer type confusion vulnerability
Summary A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the...
Foxit Reader JavaScript choice field use-after-free vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader JavaScript Field fileSelect Use After Free Vulnerability
Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Microsoft Office ElementType code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in Excel as part of Microsoft Office 365 ProPlus x86, version 2002, build 12527.20988. A specially crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to...
Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability
Summary A local code execution vulnerability exists in the APX project file processing functionality of Schneider Electric EcoStruxure Control Expert 14.1. The opening of a STA project archive containing a specially crafted APX project file can lead to code execution. An attacker can provide a...
Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability
Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...
EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests ...
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
Webkit ImageDecoderGStreamer use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Tested...
Webkit WebSocket code execution vulnerability
Summary A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
ProcessMaker sort parameter multiple SQL Injection Vulnerabilities
Summary Multiple SQL injection vulnerabilities exist in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions ProcessMaker 3.4.11...
Pixar OpenUSD binary file format index type values information leak vulnerability
Talos Vulnerability Report TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability November 12, 2020 CVE Number CVE-2020-13498, CVE-2020-13496, CVE-2020-13497 SUMMARY An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain...
Pixar OpenUSD binary file format offset seek information leak vulnerability
Summary An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used...
Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability
Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This...
Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities
Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...
Pixar OpenUSD binary file format specs memory corruption
Summary An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, t...
Pixar OpenUSD Binary File Format Decompressed Path Rebuilding Memory corruption
Summary An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability,...
Pixar OpenUSD binary file format compressed sections code execution vulnerabilities
Summary A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in remote code execution. To trigger this vulnerability, the victim needs to open a...
Pixar OpenUSD SDF layer path remote code execution
Summary A use-after-free vulnerability exists in the way Pixar OpenUSD 20.08 processes reference paths in textual USD files. A specially crafted file can trigger the reuse of freed memory, which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the...
LogicalDoc installation privilege escalation vulnerability
Summary A local privilege elevation vulnerability exists in the file system permissions of the LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both of which get executed by a service thus executi...
BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability November 6, 2020 CVE Number CVE-2020-6099 SUMMARY An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.232...
Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux
Talos Vulnerability Report TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux November 5, 2020 CVE Number CVE-2020-24435 SUMMARY A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe...
Adobe Acrobat Reader DC form field format use after free
Talos Vulnerability Report TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free November 5, 2020 CVE Number CVE-2020-24437 SUMMARY A specific JavaScript code embedded in a PDF file can trigger a use-after-free vulnerability when opening a PDF document in Adobe Acrobat Reader D...
Moxa MXView series installation privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability November 3, 2020 CVE Number CVE-2020-13537, CVE-2020-13536 SUMMARY Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Moxa MXView series...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...
Synology QuickConnect servers network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...
Synology SRM QuickConnect authentication Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27649 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect authentication functionality of Synology SRM...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...
Synology SRM lbd service Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...
Synology SRM QuickConnect iptables network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...
Synology SRM dnsExit DDNS provider information disclosure vulnerability
Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...
Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...
Google Chrome DrawElementsInstanced information leak vulnerability
Talos Vulnerability Report TALOS-2020-1123 Google Chrome DrawElementsInstanced information leak vulnerability October 22, 2020 CVE Number CVE-2020-6555 SUMMARY An information disclosure vulnerability exists in the WebGL functionality of Google Chrome 83.0.4103.116 Stable 64-bit and 86.0.4198.0...
Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1127 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability October 20, 2020 CVE Number CVE-2020-6542 SUMMARY A code execution vulnerability exists in the WebGL functionality of Google Chrome 84.0.4147.89 and 85.0.4169.0 Developer Build...
F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Logical Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2020-1102 AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability October 13, 2020 CVE Number CVE-2020-12933 SUMMARY A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially...