Schneider Electric Modicon M580 UMAS REST API getcominfo information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to return arbitrary memory,...
Schneider Electric Modicon M580 FTP incomplete firmware update denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially crafted set of FTP commands can cause the device to enter a recoverable fault state,...
Schneider Electric Modicon M580 FTP cleartext authentication vulnerability
Summary An exploitable information disclosure vulnerability exists in the FTP functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...
Schneider Electric Modicon M580 UMAS REST API getcominfo denial-of-service vulnerability
Summary An exploitable denial of service vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to enter a non-recoverable fault...
Schneider Electric Modicon M580 TFTP server information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the TFTP server functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted TFTP get request can cause a file download, resulting in disclosure of sensitive information. An...
Schneider Electric Modicon M580 FTP firmware update loader service denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update service function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially ordered set of FTP commands can cause the FTP loader service to enter a waiting...
Schneider Electric Modicon M580 Mismatched Firmware Image FTP Upgrade Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted firmware image can cause the device to enter a recoverable fault state,...
Schneider Electric Modicon M580 UMAS REST API readbolarray information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS REST API readbolarray functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to return blocks of program...
Schneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An outdated firmware image can cause the device to enter a non-recoverable fault state,...
Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...
Schneider Electric Modicon M580 malformed firmware image FTP upgrade denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially crafted firmware image can cause the device to enter a recoverable fault state, resulti...
Foxit PDF Reader JavaScript Array.includes remote code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn’t handled properly, resulting in arbitrary code execution. An attacke...
E2fsprogs quotaio_tree.c report_tree() code execution vulnerability
Summary An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Tested...
Aspose.PDF for C++ parent generation remote code execution vulnerability
Summary An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger thi...
Aspose.PDF for C++ LZWDecode filter predictor remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF...
Aspose.PDF for C++ Remote Code Execution Vulnerability
Summary An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability...
Atlassian Jira Issue Key Information Disclosure Vulnerability
Summary An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the /rest/api/1.0/render API endpoint. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira 8.1.0...
Atlassian Jira Tempo plugin issue summary information disclosure vulnerability
Summary An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira Tempo Core syste...
Atlassian Jira CSRF Protections Bypass Vulnerability
Summary An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker controlling a subdomain different than the Jira hosting subdomain enables cookie injection and control of the CSRF header token. An attacker can create a cookie and submit CSRF attacks on behalf of a logged-in...
AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability...
Atlassian Jira Worklog Information Disclosure Vulnerability
Summary A worklog information disclosure vulnerability exists in Atlassian Jira 7.6.4, from version 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the /rest/api/2/worklog/list API endpoint. They can also obtain a list of worklog ID’...
Atlassian Jira CSRF Login Vulnerability
Summary An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira 8.1.0 Product URL...
Atlassian Jira issueTable username information disclosure vulnerability
Summary A username information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid usernames and invalid usernames via /rest/issueNav/1/issueTable API endpoint. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira 8.1.0...
Atlassian Jira issue attachment name information disclosure vulnerability
Summary An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via /rest/api/1.0/render API endpoint. Tested Versions...
Atlassian Jira WikiRenderer parser XSS vulnerability
Summary An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability. Tested Versions Atlassian Jira...
NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon hostapd on the NETGEAR N300 WNR2000v5 wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An...
NETGEAR N300 WNR2000v5 unauthenticated HTTP denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP servic...
Blynk inc. Blynk-Library BlynkProtocol<Transp>::processInput() information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. Tested...
Epignosis eFront LMS PHP deserialization code execution vulnerability
Summary A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions Epignosis...
Epignosis eFront LMS unauthenticated SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...
Aspose Aspose.Cells for C++ Number Code Execution Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigge...
Aspose Aspose.Cells for C++ LabelSst Code Execution Vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells for C++ 19.1.0. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to...
Aspose Aspose.Words for C++ EnumMetaInfo Code Execution Vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words for C++, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malforme...
Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...
Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability
Talos Vulnerability Report TALOS-2019-0811 Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability August 19, 2019 CVE Number CVE-2019-5044 Summary An exploitable certificate authentication vulnerability exists in the Weave CASE Pairing function of the Nest...
Nest Labs Nest Cam IQ Indoor Weave Legacy Pairing Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigge...
Nest Labs Nest Cam IQ Indoor Weave KeyError denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. Specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a...
Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...
Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability...
Nest Labs Nest Cam IQ Indoor WeaveCASEEngine::DecodeCertificateInfo denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of the Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a deni...
Nest Labs Openweave Weave tool Print-TLV code execution vulnerability
Summary An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted...
Nest Labs Openweave Weave DecodeMessageWithLength Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker c...
Schneider Electric Modicon M580 UMAS read strategy denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS read strategy functionality of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a non-recoverable fault...
Schneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the UMAS function code 0x29 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault stat...
Schneider Electric Modicon M580 UMAS Read System Coils and Registers Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the UMAS Read System Coils and Registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted UMAS command can cause the device to enter a non-recoverab...
Schneider Electric Modicon M580 HTTP Request Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the HTTP request processing of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. An appropriately timed HTTP request can cause the device to enter a non-recoverable fault state, resultin...
MongoDB Server session reuse vulnerability
Summary An exploitable authentication vulnerability exists in MongoDB Server prior to version 4.0.9. Access to a MongoDB database server can be persisted after user deletion by reusing an established session of said user. Tested Versions MongoDB Server 4.0.5 MongoDB Server 3.4.18 Product URLs...
NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMX_CFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...
NVIDIA NVWGF2UMX_CFG.DLL shader functionality code execution vulnerability
Summary An exploitable untrusted pointer dereference vulnerability exists in NVIDIA NVWGF2UMX_CFG driver, versions 24.21.14.1216 and 412.16. A specially crafted pixel shader can cause an untrusted pointer dereference, potentially resulting in code execution. An attacker can provide a specially...
VMware Workstation 15 pixel shader functionality denial of service vulnerability
Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest...