Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability
Summary An exploitable code execution vulnerability exists in the TIFF fill_in_raster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...
Linux Kernel /proc/pid/syscall information disclosure vulnerability
Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...
Zoom Communications Registered Users Enumeration
Summary Zoom doesn’t properly validate certain XMPP requests coming from the clients, which can lead to disclosure of details about registered users. Tested Versions Zoom Service As Of April 9th 2020 Product URLs https://zoom.us CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE...
Prusa Research PrusaSlicer _3MF_Importer::_handle_end_model() use-after-free vulnerability
Summary A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested...
Synology DSM AppArmor synosearchagent misconfiguration vulnerability
Summary A misconfiguration exists in AppArmor’s synosearchagent profile of Synology DSM 6.2.3 25426 DS120j. A specially crafted kernel module can be loaded, leading to a bypass of AppArmor’s restrictions. An attacker can use insmod to trigger this vulnerability. Tested Versions Synology DSM 6.2.3...
Microsoft Media Foundation CQTMetadataKeysAtom GetKeyForIndex Information Disclosure Vulnerability
Summary An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476. A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can...
F2fs-tools fsck.f2fs sanity_check_area_boundary code execution vulnerability
Summary An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...
3S-Smart Software Solutions CODESYS GatewayService memory corruption vulnerability
Summary An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send ...
3S CODESYS control authentication hard-coded encryption key vulnerability
Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...
NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg FTOI code execution vulnerability
Summary An exploitable code execution vulnerability exists in the nvwg functionality of NVIDIA Corporation NVIDIA D3D10 driver nvwgf2umx_cfg.dll, version 442.50 - 26.21.14.4250. A specially crafted shader could allow an adversary to execute remote code. An attacker can use this vulnerability to...
Intel Raid Web Console 3 DISCOVERY Denial of Service
Summary An exploitable denial of service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can cause the LSA.exe service to exit, resulting in a denial of service. A remote unauthenticated attacker can send a malicious POST request to trigg...
Intel Raid Web Console 3 add server denial-of-service vulnerability
Summary A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts...
Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...
Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities
Summary Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustio...
GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...
Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability
Summary An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...
Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attack...
Videolabs libmicrodns 0.1.0 TXT record RDATA-parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send ...
Videolabs libmicrodns 0.1.0 mdns_recv return value denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually...
Microsoft Windows 10 Kernel SetMapMode MM_HIENGLISH information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the kernel of Microsoft Windows 10 Insider Preview Fast and Stable. A specially crafted executable can cause an out-of-bounds read, resulting in information disclosure. To trigger this vulnerability, the attacker needs to execu...
WAGO e!COCKPIT file path improper input validation vulnerability
Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...
WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...
WAGO PFC200 iocheckd service "I/O-Check" cache gateway Memory Corruption Vulnerability
Summary An exploitable double free vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities
Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An...
WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service
Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC200, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Memory Corruption Vulnerabilities
Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in a denial of service an...
WAGO PFC200 Cloud Connectivity TimeoutPrepared Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version...
WAGO e!Cockpit network communication cleartext transmission vulnerability
Summary A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability
Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...
WAGO PFC200 Cloud Connectivity TimeoutUnconfirmed Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WA...
WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WAGO...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability
Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...
WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Command Injection Vulnerabilities
Summary An exploitable command injection vulnerability exists in the iocheckd service “I/O-Check” function of the WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to...
Zoom conference room connector service insufficient session invalidation
Summary Zoom Conference Room Connector services perform insufficient session invalidation upon certain user administration tasks which enable a demoted or deleted user to still access the room administration interface. If a user has administrative access to the connected device and if this access...
Webkit AudioSourceProviderGStreamer use-after-free vulnerability
Summary A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. Tested Versions Webkit WebKitGTK 2.30.1 Product URLs https://webkit.org/ CVSSv3 Score 8.8 -...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
Synology DSM findhostd unencrypted credentials disclosure vulnerability
Summary An information disclosure vulnerability exists in the findhostd authentication functionality of Synology DSM 6.2.3 25426 DS120j. Using an application e.g. Synology Assistant can lead to information disclosure of administrator credentials. An attacker can sniff network traffic to trigger...
Moxa AWK-3131A iw_console Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...
Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key
Summary The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions Moxa AWK-3131A Firmware version 1.13 Product URLs...
Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability
Summary An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...
Slic3r libslic3r AMF File AMFParserContext::endElement() out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this...
Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker ca...
Moxa AWK-3131A WAP Hostname Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An...
Moxa AWK-3131A ServiceAgent denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send th...
Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. A...
Moxa AWK-3131A iw_webs iw_serverip Parameter Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An...
Moxa AWK-3131A Encrypted Diagnostic Script Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An...