2204 matches found
Yara Object Lookup Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this...
SDL_image XPM image colorhash parsing Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a...
SDL_image XCF Image Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
SDL_image PCX Image Code execution Vulnerability
Summary An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
SDL_image XPM image color code code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow,...
Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW code execution vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...
Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW signed comparison code execution vulnerability
Summary An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provid...
Google V8 Array.prototype Memory Corruption Vulnerability
Summary A specific JavaScript code can trigger a memory corruption in V8 7.3.492.17 which could potentially be abused for remote code execution. In order to trigger this vulnerability in the context of a browser, such as Google Chrome, the victim would need to visit a malicious web page. Tested...
KCodes NetUSB unauthenticated remote kernel information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and se...
KCodes NetUSB unauthenticated remote kernel arbitrary memory read vulnerability
Summary An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid...
Schneider Electric Modicon M580 UMAS function code 0x6d multiple denial-of-service vulnerabilities
Summary Multiple denial-of-service vulnerabilities exist in the UMAS protocol functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. Specially crafted UMAS commands can cause the device to enter a non-recoverable fault state, resulting in...
Schneider Electric Modicon M580 UMAS memory block read denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block read function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...
Schneider Electric UnityPro PLC simulator remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...
Schneider Electric Modicon M580 UMAS strategy read information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS strategy read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of the programmed...
Schneider Electric Modicon M580 UMAS function code 0x65 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x65 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...
Schneider Electric Modicon M580 UMAS read memory block information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS read memory block function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of memory, resulting...
Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability
Summary An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...
Schneider Electric Modicon M580 UMAS memory block write denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block write functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...
Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...
Schneider Electric Modicon M580 UMAS write system coils and holding registers denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS write system coils and holding registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a...
Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability
Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...
Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS Release PLC Reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to invalidate a session without...
Schneider Electric Modicon M580 UMAS function code 0x28 denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x28 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...
Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...
Schneider Electric Modicon M580 UMAS write system bits and blocks denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS write system bits and blocks functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a...
Schneider Electric Modicon M580 UnityPro reliance on untrusted inputs vulnerability
Summary An exploitable reliance on untrusted inputs vulnerability exists in the strategy transfer function of the Schneider Electric Unity Pro L Programming Software. When a specially crafted strategy is programmed to a Modicon M580 Programmable Automation Controller, and UnityProL is used to rea...
Schneider Electric Modicon M580 UMAS Read Memory Block Out Of Bounds Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS memory block read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted UMAS request can cause an out of bounds read, resulting in disclosure of sensitive...
Schneider Electric Modicon M580 UMAS strategy transfer denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS strategy transfer functionality of the Schneider Electric Modicon M580 programmable automation controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a recoverable fault state,...
Jenkins Artifactory Plugin information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...
Jenkins Artifactory Plugin fillCredentialsIdItems information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the fillCredentialsIdItems endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled -...
PaX read_kmem denial of service vulnerability
Summary An exploitable vulnerability exists in the grsecurity PaX patch for the function readkmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from versio...
Wacom update helper tool startProcess privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to...
Wacom update helper tool start/stopLaunchDProcess privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...
Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...
Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability
Summary A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds...
Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...
Novatek NT9665X XML_GetRawEncJpg denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLGetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Teste...
Novatek NT9665X XML_GetThumbNail denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Tested...
Anker Roav A1 Dashcam WifiCmd 9999 Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Anker Roav A1...
Anker Roav A1 Dashcam Wifi AP Default Credential Vulnerability
Summary An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. Tested Versions Anke...
Novatek NT9665X HFS Overwrite denial-of-service vulnerability
Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...
Novatek NT9665X HTTP Upload Firmware Update Vulnerability
Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version “RoavA1SWV1.9”. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT...
Novatek NT9665X XML_UploadFile path overflow code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Tested...
Novatek NT9665X HFS Recv buffer overflow code execution vulnerability
Summary An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code executio...
Novatek NT9665X XML_GetScreen Strncmp denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLGetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot...
Anker Roav A1 Dashcam HTTP Path Overflow Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...
Novatek NT9665X XML_UploadFile WifiCmd denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any...
Sqlite3 Window Function Remote Code Execution Vulnerability
Summary An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...
Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability
Summary Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December t2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...
Winco Fireworks FireFly Bluetooth Low Energy Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Tested Versions Winco Fireworks FireFly FW-1007 V2.0 Product URLs...