2224 matches found
OpenCV JSON persistence parser buffer overflow vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...
WAGO PFC200 iocheckd service "I/O-Check" BC_ProductLabel remote code execution vulnerability
Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this...
WAGO PFC200 iocheckd service "I/O-Check" get_coupler_details remote code execution vulnerability
Summary An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of the WAGO PFC 200. A specially crafted set of packets sent to the iocheckd service “I/O-Check” can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in cod...
WAGO PFC200 iocheckd service "I/O-Check" factory restore denial-of-service vulnerability
WAGO PFC200 iocheckd service “I/O-Check” factory restore denial-of-service vulnerability Summary An exploitable denial-of-service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A single packet can cause a denial of service and weaken credentials resulting ...
WAGO PFC200 iocheckd service "I/O-Check" ReadPCBManuNum remote code execution vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger...
WAGO PFC200 iocheckd service "I/O-Check" MAC Address overwrite Denial of Service Vulnerability
WAGO PFC200 iocheckd service “I/O-Check” MAC Address overwrite Denial of Service Vulnerability Summary An exploitable denial-of-service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a denial of service, resulti...
WAGO PFC200 iocheckd service "I/O-Check" ReadPSN remote code execution vulnerability
WAGO PFC200 iocheckd service “I/O-Check” ReadPSN remote code execution vulnerability Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially...
WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability
Summary An exploitable information exposure vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker...
WAGO PFC200 iocheckd service "I/O-Check" ReadPCBManuNum remote code execution vulnerability
Summary An exploitable heap buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger...
WAGO PFC200 iocheckd service "I/O-Check" Erase Denial of Service Vulnerability
WAGO PFC200 iocheckd service “I/O-Check” Erase Denial of Service Vulnerability Summary An exploitable denial of service vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted set of packets can cause a denial of service, resulting in the device...
W1.fi hostapd deauthentication denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in ...
W1.fi hostapd CAM table denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CA...
Linux kernel CAM table denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...
Apple Safari SVG Marker Element baseVal Remote Code Execution Vulnerability
Summary A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari’s WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a...
Kakadu Software SDK ATK marker code execution vulnerability
Summary An exploitable heap underflow vulnerability exists in the derivetapsandgains function in kduv7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim t...
LEADTOOLS libltdic.so LDicomAssociate::SetBinary denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. Tested...
LEADTOOLS DICOM UI Parsing Code Execution Vulnerability
Summary An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An...
LEADTOOLS JPEG2000 Isot parsing Memory Corruption Vulnerability
Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft ...
LEADTOOLS libltdic.so DICOM LDicomNet::receive information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger...
Adobe Acrobat Reader DC Javascript gotoNamedDest information leak vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to information leak when opening a PDF document in Adobe Acrobat Reader DC 2019.021.20048. With careful memory manipulation, this can lead to sensitive information disclose which could be abused when exploiting another vulnerabili...
Microsoft Remote Desktop Services (RDP8) license negotiation denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the RDP8 implementation of Microsoft’s Remote Desktop Services. A certain component of license negotiation can allow a remote client to read an amount of memory that is controlled by the client. Due to this, a client can coerce the...
LEADTOOLS libltdic.so DICOM receive code execution vulnerability
Summary An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerabilit...
Microsoft Remote Desktop Services (RDP7) Windows XP Multiple Information Leak Vulnerabilities
Summary Exploitable information leak vulnerabilities exists in the RDP7 implementation of Microsoft’s Remote Desktop Services on Windows XP. Various aspects of the T.128 protocol, such as capability negotiation, can cause an information leak, which can provide an attacker information about the...
LEADTOOLS libltdic.so DICOM LDicomNet::SendData Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this...
AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can...
Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...
Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
Shadowsocks-libev ss-manager add_server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...
Accusoft ImageGear TIFF TIF_decode_thunderscan code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed...
Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Accusoft ImageGear BMP code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to...
Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...
EmbedThis GoAhead web server code execution vulnerability
Summary An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of thi...
EmbedThis GoAhead web server denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated i...
Accusoft ImageGear PNG IHDR width code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
Accusoft ImageGear GEM Raster Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to th...
Tenda AC9 /goform/WanParameterSetting Command Injection Vulnerability
Summary An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection, resulting in cod...
xcftools flattenIncrementally tiles walk code execution vulnerability
Summary An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In orde...
xcftools flattenIncrementally rows allocation code execution vulnerability
Summary An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row’s allocation size, that could be exploited to corrupt memory and eventually execute...
OpenWrt ustream-ssl certificate verification information leak vulnerability
Talos Vulnerability Report TALOS-2019-0893 OpenWrt ustream-ssl certificate verification information leak vulnerability November 15, 2019 CVE Number CVE-2019-5101,CVE-2019-5102 SUMMARY An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and...
Intel IGC64.DLL shader functionality DCL_INDEXABLE_TEMP denial-of-service vulnerability
Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, versions 26.20.100.6709 and 26.20.100.6861. A specially crafted pixel shader can cause an out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this...
Exhibitor UI command injection vulnerability
Summary An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $ can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An...
Microsoft Office Excel WorksheetOptions Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the mso.dll of Microsoft Office. A specially crafted XLS file can cause a use after free, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. Tested Versions...
Microsoft Media Foundation CMP4MetadataHandler AddQTMetadata Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the mfmp4srcsnk.dll of Microsoft Media Foundation. A specially crafted QuickTime file can cause a Use-After-Free, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...
LEADTOOLS CMP-parsing code execution vulnerability
Summary An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
LEADTOOLS TIF ImageWidth code execution vulnerability
Summary An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a...
LEADTOOLS JPEG2000 j2pc Parsing Remote Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this...
LEADTOOLS BMP Parsing Remote Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerabilit...
Investintech Able2Extract professional JPEG decoding code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by...