Lucene search
K

2224 matches found

Talos
Talos
added 2020/06/03 12:0 a.m.55 views

Zoom client application chat Giphy arbitrary file write

Summary An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to...

9.8CVSS9.3AI score0.04914EPSS
Exploits1
Talos
Talos
added 2020/06/03 12:0 a.m.42 views

Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability

Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...

8.8CVSS8.3AI score0.04264EPSS
Exploits1
Talos
Talos
added 2020/06/02 12:0 a.m.37 views

Webkit fireEventListeners use-after-free vulnerability

Summary An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Tested...

8.8CVSS9.5AI score0.02824EPSS
Exploits1
Talos
Talos
added 2020/06/01 12:0 a.m.27 views

VMware Workstation 15 shader functionality round_ni denial of service vulnerability

Summary An exploitable denial of service vulnerability exists in VMware Workstation 15.5.0 build-14665864. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered fro...

5.5CVSS5.5AI score0.0045EPSS
Exploits0
Talos
Talos
added 2020/05/21 12:0 a.m.72 views

GNU glibc ARMv7 memcpy() memory corruption vulnerability

Summary An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the ‘num’ parameter results in a signed comparison vulnerability. If an attacker...

8.1CVSS8.2AI score0.05223EPSS
Exploits0
Talos
Talos
added 2020/05/21 12:0 a.m.67 views

Epson EB-1470Ui ESPON Web Control Authentication Bypass Vulnerability

Summary An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can...

9.8CVSS9.4AI score0.02298EPSS
Exploits0
Talos
Talos
added 2020/05/18 12:0 a.m.61 views

Nitro PRO PDF nested pages remote code execution vulnerability

Summary An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Nitro...

8.8CVSS9.3AI score0.40879EPSS
Exploits1
Talos
Talos
added 2020/05/18 12:0 a.m.95 views

Nitro Pro PDF Pattern Object Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file...

8.8CVSS8.5AI score0.42268EPSS
Exploits1
Talos
Talos
added 2020/05/18 12:0 a.m.69 views

Nitro Pro PDF Javascript XML error handling Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a...

6.5CVSS5.5AI score0.0265EPSS
Exploits1
Talos
Talos
added 2020/05/18 12:0 a.m.40 views

Synology SRM SafeAccess 1.2.1-0220 code execution Vvulnerability

Summary An exploitable code execution vulnerability exists in the SafeAccess 1.2.1-0220 package of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted domain access request can lead to an SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Synolo...

8.1AI score
Exploits0
Talos
Talos
added 2020/05/12 12:0 a.m.43 views

Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to out of bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information disclose as well as memory corruption which can lead to...

5.5CVSS7.4AI score0.02717EPSS
Exploits0
Talos
Talos
added 2020/05/12 12:0 a.m.49 views

Adobe Acrobat Reader DC Annotation Destroy Remote Code Execution

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need...

7.8CVSS8.7AI score0.04745EPSS
Exploits0
Talos
Talos
added 2020/05/12 12:0 a.m.46 views

Microsoft Office Excel s_Schema Code Execution Vulnerability

Talos Vulnerability Report TALOS-2020-1015 Microsoft Office Excel sSchema Code Execution Vulnerability May 12, 2020 CVE Number CVE-2020-0901 Summary An exploitable code execution vulnerability exists in the Excel sSchema functionality of Microsoft Corporation Microsoft Office 2001 build 12430.202...

9.8CVSS9AI score0.11563EPSS
Exploits0
Talos
Talos
added 2020/05/06 12:0 a.m.42 views

Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the DHCP monitor’s hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...

8.6CVSS8.2AI score0.02445EPSS
Exploits1
Talos
Talos
added 2020/05/06 12:0 a.m.93 views

3S-Smart Software Solutions GmbH CODESYS Runtime PLC_Task Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the PLCTask functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested...

9.9CVSS9.3AI score0.01757EPSS
Exploits1
Talos
Talos
added 2020/05/05 12:0 a.m.58 views

Accusoft ImageGear TIFF fill_in_raster buffer copy operation code execution vulnerability

Summary An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a...

9.8CVSS9.1AI score0.03597EPSS
Exploits1
Talos
Talos
added 2020/05/05 12:0 a.m.57 views

Accusoft ImageGear ICO ico_read buffer size computation code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the icoread function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to...

9.8CVSS9.3AI score0.03597EPSS
Exploits1
Talos
Talos
added 2020/05/05 12:0 a.m.60 views

Accusoft ImageGear ICO icoread code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to t...

9.8CVSS9AI score0.03597EPSS
Exploits1
Talos
Talos
added 2020/05/05 12:0 a.m.98 views

Windows 10 Insider Preview Fast win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability Regression

Summary A use after free vulnerability exists in Windows 10, Insider Preview Fast 10.0.19582.1001, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of...

7.8CVSS8.4AI score0.01055EPSS
Exploits0
Talos
Talos
added 2020/05/05 12:0 a.m.64 views

Accusoft ImageGear PNG store_data_buffer size computation code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the storedatabuffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed...

9.8CVSS8.9AI score0.03597EPSS
Exploits1
Talos
Talos
added 2020/04/27 12:0 a.m.392 views

Linux Kernel /proc/pid/syscall information disclosure vulnerability

Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...

5.5CVSS5.5AI score0.011EPSS
Exploits1
Talos
Talos
added 2020/04/21 12:0 a.m.101 views

Zoom Communications Registered Users Enumeration

Summary Zoom doesn’t properly validate certain XMPP requests coming from the clients, which can lead to disclosure of details about registered users. Tested Versions Zoom Service As Of April 9th 2020 Product URLs https://zoom.us CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE...

7AI score
Exploits0
Talos
Talos
added 2020/04/21 12:0 a.m.30 views

Prusa Research PrusaSlicer _3MF_Importer::_handle_end_model() use-after-free vulnerability

Summary A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested...

8.8CVSS7.9AI score0.01342EPSS
Exploits1
Talos
Talos
added 2020/04/19 12:0 a.m.212 views

Synology DSM AppArmor synosearchagent misconfiguration vulnerability

Summary A misconfiguration exists in AppArmor’s synosearchagent profile of Synology DSM 6.2.3 25426 DS120j. A specially crafted kernel module can be loaded, leading to a bypass of AppArmor’s restrictions. An attacker can use insmod to trigger this vulnerability. Tested Versions Synology DSM 6.2.3...

8.2CVSS7.5AI score0.00513EPSS
Exploits1
Talos
Talos
added 2020/04/14 12:0 a.m.56 views

Microsoft Media Foundation CQTMetadataKeysAtom GetKeyForIndex Information Disclosure Vulnerability

Summary An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476. A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can...

5.5CVSS6AI score0.0845EPSS
Exploits0
Talos
Talos
added 2020/04/09 12:0 a.m.31 views

F2fs-tools fsck.f2fs sanity_check_area_boundary code execution vulnerability

Summary An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...

7.8CVSS7.3AI score0.0173EPSS
Exploits1
Talos
Talos
added 2020/03/25 12:0 a.m.38 views

NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg FTOI code execution vulnerability

Summary An exploitable code execution vulnerability exists in the nvwg functionality of NVIDIA Corporation NVIDIA D3D10 driver nvwgf2umxcfg.dll, version 442.50 - 26.21.14.4250. A specially crafted shader could allow an adversary to execute remote code. An attacker can use this vulnerability to...

7.8CVSS7.8AI score0.00359EPSS
Exploits0
Talos
Talos
added 2020/03/25 12:0 a.m.47 views

3S-Smart Software Solutions CODESYS GatewayService memory corruption vulnerability

Summary An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send ...

7.5CVSS7.8AI score0.02154EPSS
Exploits1
Talos
Talos
added 2020/03/25 12:0 a.m.85 views

3S CODESYS control authentication hard-coded encryption key vulnerability

Talos Vulnerability Report TALOS-2019-0896 3S CODESYS control authentication hard-coded encryption key vulnerability March 25, 2020 CVE Number CVE-2019-5104 Summary A hard-coded encryption key vulnerability exists in the authentication functionality of 3S CODESYS Control, version 3.5.13.20. An...

0.4AI score
Exploits0
Talos
Talos
added 2020/03/24 12:0 a.m.62 views

Intel Raid Web Console 3 add server denial-of-service vulnerability

Summary A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts...

7.5CVSS7.5AI score0.01524EPSS
Exploits0
Talos
Talos
added 2020/03/24 12:0 a.m.128 views

Intel Raid Web Console 3 DISCOVERY Denial of Service

Summary An exploitable denial of service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can cause the LSA.exe service to exit, resulting in a denial of service. A remote unauthenticated attacker can send a malicious POST request to trigg...

7.5CVSS7.6AI score0.01524EPSS
Exploits0
Talos
Talos
added 2020/03/23 12:0 a.m.61 views

Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attack...

7.5CVSS7.4AI score0.02396EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.36 views

Videolabs libmicrodns 0.1.0 message-parsing bounds denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would...

7.5CVSS7.9AI score0.02396EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.41 views

Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities

Summary Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustio...

7.5CVSS8.1AI score0.03011EPSS
Exploits2
Talos
Talos
added 2020/03/23 12:0 a.m.45 views

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability

Summary An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...

9.8CVSS8.2AI score0.03636EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.36 views

GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.4AI score0.02872EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.63 views

Videolabs libmicrodns 0.1.0 TXT record RDATA-parsing denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send ...

7.5CVSS7.4AI score0.02396EPSS
Exploits1
Talos
Talos
added 2020/03/23 12:0 a.m.64 views

Videolabs libmicrodns 0.1.0 mdns_recv return value denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdnsrecv, the return value of the mdnsreadheader function is not checked, leading to an uninitialized variable usage that eventually...

7.5CVSS7.4AI score0.03011EPSS
Exploits1
Talos
Talos
added 2020/03/10 12:0 a.m.59 views

Microsoft Windows 10 Kernel SetMapMode MM_HIENGLISH information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the kernel of Microsoft Windows 10 Insider Preview Fast and Stable. A specially crafted executable can cause an out-of-bounds read, resulting in information disclosure. To trigger this vulnerability, the attacker needs to execu...

7.8CVSS7.8AI score0.01117EPSS
Exploits0
Talos
Talos
added 2020/03/09 12:0 a.m.182 views

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

Summary An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An...

7.8CVSS6.8AI score0.00656EPSS
Exploits3
Talos
Talos
added 2020/03/09 12:0 a.m.114 views

WAGO e!COCKPIT file path improper input validation vulnerability

Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...

7.8CVSS7.8AI score0.01817EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.114 views

WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service

Summary The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to “provide high performance for all Internet applications without the penalties of Web...

7.5CVSS7.8AI score0.01759EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.95 views

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the iocheckd service “I/O-Check” function of the WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to...

7.8CVSS8.1AI score0.01358EPSS
Exploits4
Talos
Talos
added 2020/03/09 12:0 a.m.69 views

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Memory Corruption Vulnerabilities

Summary An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted xml cache file written to a specific location on the device can cause a stack buffer overflow, resulting in a denial of service an...

7CVSS7.3AI score0.00846EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.70 views

WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WAGO...

9CVSS7.4AI score0.04614EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.59 views

WAGO PFC200 iocheckd service "I/O-Check" cache gateway Memory Corruption Vulnerability

Summary An exploitable double free vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially...

7.8CVSS8AI score0.00848EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.80 views

WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability

Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...

9.1CVSS8.9AI score0.02672EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.108 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability

Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...

7.5CVSS7.9AI score0.02199EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.77 views

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

7.5CVSS6.7AI score0.02199EPSS
Exploits1
Talos
Talos
added 2020/03/09 12:0 a.m.76 views

WAGO PFC200 Cloud Connectivity TimeoutPrepared Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version...

7.2CVSS7AI score0.04179EPSS
Exploits1
Total number of security vulnerabilities2224