2224 matches found
Moxa MXView series installation privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability November 3, 2020 CVE Number CVE-2020-13537,CVE-2020-13536 SUMMARY Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Moxa MXView series...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...
Synology SRM lbd service Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...
Synology QuickConnect servers network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...
Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...
Synology SRM QuickConnect authentication Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27649 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect authentication functionality of Synology SRM...
Synology SRM QuickConnect iptables network misconfiguration vulnerability
Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...
Synology SRM dnsExit DDNS provider information disclosure vulnerability
Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...
Google Chrome DrawElementsInstanced information leak vulnerability
Talos Vulnerability Report TALOS-2020-1123 Google Chrome DrawElementsInstanced information leak vulnerability October 22, 2020 CVE Number CVE-2020-6555 SUMMARY An information disclosure vulnerability exists in the WebGL functionality of Google Chrome 83.0.4103.116 Stable 64-bit and 86.0.4198.0...
Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1127 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability October 20, 2020 CVE Number CVE-2020-6542 SUMMARY A code execution vulnerability exists in the WebGL functionality of Google Chrome 84.0.4147.89 and 85.0.4169.0 Developer Build...
F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...
F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...
F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the fsckchkorphannode functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Logical Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2020-1102 AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability October 13, 2020 CVE Number CVE-2020-12933 SUMMARY A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially...
AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability
Talos Vulnerability Report TALOS-2020-1119 AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability October 7, 2020 CVE Number CVE-2020-12911 SUMMARY A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MOV functionality of the NVIDIA D3D10 driver, version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX...
Apple Safari/Webkit aboutBlankURL() code execution vulnerability
Talos Vulnerability Report TALOS-2020-1124 Apple Safari/Webkit aboutBlankURL code execution vulnerability September 30, 2020 CVE Number CVE-2020-9951 SUMMARY An exploitable use-after-free vulnerability exists in MacOSX Safari Version 13.0.2 15609.2.9.1.2, 610+ Webkit GIT...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MUL code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MUL functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX. Test...
NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV_SAT code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg MOVSAT functionality of the NVIDIA D3D10 driver, version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...
NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg DCL_CONSTANT_BUFFER code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg DCLCONSTANTBUFFER functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...
Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1097 Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-6153 Summary An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA...
Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1107 Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability September 23, 2020 CVE Number CVE-2020-13502 Summary An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data...
Microsoft Azure Sphere Littlefs Quota denial of service vulnerability
Talos Vulnerability Report TALOS-2020-1129 Microsoft Azure Sphere Littlefs Quota denial of service vulnerability September 23, 2020 CVE Number CVE-2020-16986 SUMMARY A denial of service vulnerability exists in the Littlefs Quota functionality of Microsoft Azure Sphere 20.06. A specially crafted s...
Microsoft Azure Sphere Pluton SIGN_WITH_TENANT_ATTESTATION_KEY memory corruption vulnerability
Talos Vulnerability Report TALOS-2020-1139 Microsoft Azure Sphere Pluton SIGNWITHTENANTATTESTATIONKEY memory corruption vulnerability September 23, 2020 CVE Number None SUMMARY A memory corruption vulnerability exists in the Pluton SIGNWITHTENANTATTESTATIONKEY functionality of Microsoft Azure...
Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1130 Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability September 23, 2020 CVE Number None SUMMARY An information disclosure vulnerability exists in the Littlefs filesystem functionality of Microsoft Azure Sphere 20.06. A specially...
Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities
Talos Vulnerability Report TALOS-2020-1106 Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities September 23, 2020 CVE Number CVE-2020-13501,CVE-2020-13499,CVE-2020-13500 SUMMARY Multiple SQL injection vulnerabilities exists in the CHaD.asmx web service...
Microsoft Azure Sphere Normal World application PACKET_MMAP unsigned code execution vulnerability
Talos Vulnerability Report TALOS-2020-1134 Microsoft Azure Sphere Normal World application PACKETMMAP unsigned code execution vulnerability September 23, 2020 CVE Number None SUMMARY A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure...
Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1109 Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-13507, CVE-2020-13508 Summary Multiple SQL injection vulnerabilities exist in the Alias.asmx Web Service functionality of eDNA Enterprise...
Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities
Talos Vulnerability Report TALOS-2020-1108 Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities September 23, 2020 CVE Number CVE-2020-13503, CVE-2020-13504, CVE-2020-13505, CVE-2020-13521 Summary Multiple SQL injection vulnerabilities exists in the...
Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1084 Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6146 SUMMARY An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Wh...
Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability
Talos Vulnerability Report TALOS-2020-1068 Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6115 SUMMARY An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro...
Nitro Pro Indexed ColorSpace Rendering Code Execution Vulnerability
Summary An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its...
Nitro Pro PDF JPEG2000 Stripe Sub-sample Decoding Out-of-bounds Write Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile...
Nitro Pro PDF Object Stream Parsing Number of Objects Remote Code Execution Vulnerability
Summary An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate...
Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability
Summary A memory corruption vulnerability exists in the way Google Chrome 83.0.4103.61 executes JavaScript inside PDF documents. A specially crafted web page can cause out of bounds memory access. To trigger this vulnerability, the victim must visit a malicious webpage or open a malicious PDF...
Microsoft Windows 10 CLFS.sys ValidateRegionBlocks privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the CLFS.sys ValidateRegionBlocks functionality of Microsoft Windows 10 CLFS.SYS 10.0.19041.264 WinBuild.160101.0800 and Insider Preview CLFS.SYS 10.0.20150.1000 WinBuild.160101.0800. A specially crafted malformed log file can cause a heap...
Accusoft ImageGear TIFF handle_COMPRESSION_PACKBITS memory corruption vulnerability
Talos Vulnerability Report TALOS-2020-1095 Accusoft ImageGear TIFF handleCOMPRESSIONPACKBITS memory corruption vulnerability September 1, 2020 CVE Number CVE-2020-6151 SUMMARY A memory corruption vulnerability exists in the TIFF handleCOMPRESSIONPACKBITS functionality of Accusoft ImageGear 19.7. ...
Accusoft ImageGear DICOM parse_dicom_meta_info code execution vulnerability
Talos Vulnerability Report TALOS-2020-1096 Accusoft ImageGear DICOM parsedicommetainfo code execution vulnerability September 1, 2020 CVE Number CVE-2020-6152 SUMMARY A code execution vulnerability exists in the DICOM parsedicommetainfo functionality of Accusoft ImageGear 19.7. A specially crafte...
OS4Ed openSIS DownloadWindow.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS id parameter multiple SQL injection vulnerabilities
Summary Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7.3...
OS4Ed openSIS login SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...