Lucene search
K

2218 matches found

Talos
Talos
added 2019/08/19 12:0 a.m.38 views

Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability

Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...

9CVSS8.9AI score0.00423EPSS
Exploits1
Talos
Talos
added 2019/08/19 12:0 a.m.39 views

Nest Labs Nest Cam IQ Indoor WeaveCASEEngine::DecodeCertificateInfo denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of the Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a deni...

7.8CVSS7.8AI score0.00572EPSS
Exploits1
Talos
Talos
added 2019/08/19 12:0 a.m.34 views

Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability

Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...

8.8CVSS8.7AI score0.01617EPSS
Exploits1
Talos
Talos
added 2019/08/19 12:0 a.m.43 views

Nest Labs Openweave Weave tool Print-TLV code execution vulnerability

Summary An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted...

8.8CVSS8.5AI score0.02722EPSS
Exploits1
Talos
Talos
added 2019/08/19 12:0 a.m.30 views

Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability

Talos Vulnerability Report TALOS-2019-0811 Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability August 19, 2019 CVE Number CVE-2019-5044 Summary An exploitable certificate authentication vulnerability exists in the Weave CASE Pairing function of the Nest...

6.7AI score
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.66 views

Schneider Electric Modicon M580 UMAS Read System Coils and Registers Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS Read System Coils and Registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted UMAS command can cause the device to enter a non-recoverab...

7.8CVSS7.8AI score0.01526EPSS
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.48 views

Schneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS function code 0x29 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault stat...

7.8CVSS7.8AI score0.01609EPSS
Exploits1
Talos
Talos
added 2019/08/13 12:0 a.m.61 views

Schneider Electric Modicon M580 UMAS read strategy denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS read strategy functionality of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a non-recoverable fault...

7.8CVSS7.7AI score0.01757EPSS
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.41 views

Schneider Electric Modicon M580 HTTP Request Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the HTTP request processing of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. An appropriately timed HTTP request can cause the device to enter a non-recoverable fault state, resultin...

7.1CVSS5.9AI score0.011EPSS
Exploits0
Talos
Talos
added 2019/08/06 12:0 a.m.47 views

MongoDB Server session reuse vulnerability

Summary An exploitable authentication vulnerability exists in MongoDB Server prior to version 4.0.9. Access to a MongoDB database server can be persisted after user deletion by reusing an established session of said user. Tested Versions MongoDB Server 4.0.5 MongoDB Server 3.4.18 Product URLs...

7.1CVSS6.9AI score0.01225EPSS
Exploits1
Talos
Talos
added 2019/08/05 12:0 a.m.89 views

NVIDIA NVWGF2UMX_CFG.DLL shader functionality code execution vulnerability

Summary An exploitable untrusted pointer dereference vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 24.21.14.1216 and 412.16. A specially crafted pixel shader can cause an untrusted pointer dereference, potentially resulting in code execution. An attacker can provide a specially...

10CVSS8.2AI score0.05415EPSS
Exploits1
Talos
Talos
added 2019/08/05 12:0 a.m.98 views

NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an untrusted pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...

7.2AI score
Exploits0
Talos
Talos
added 2019/08/05 12:0 a.m.80 views

VMware Workstation 15 pixel shader functionality denial of service vulnerability

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest...

9.6CVSS8.8AI score0.01628EPSS
Exploits0
Talos
Talos
added 2019/08/05 12:0 a.m.88 views

NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...

10CVSS8AI score0.05044EPSS
Exploits1
Talos
Talos
added 2019/07/30 12:0 a.m.94 views

Yara Object Lookup Denial of Service Vulnerability

Summary An exploitable Denial of Service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this...

6.5CVSS5.5AI score0.01079EPSS
Exploits1
Talos
Talos
added 2019/07/29 12:0 a.m.112 views

SDL_image PCX Image Code execution Vulnerability

Summary An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.9AI score0.03616EPSS
Exploits0
Talos
Talos
added 2019/07/29 12:0 a.m.175 views

SDL_image XCF Image Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

8.8CVSS8.7AI score0.03616EPSS
Exploits0
Talos
Talos
added 2019/07/29 12:0 a.m.127 views

SDL_image XPM image colorhash parsing Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a...

8.8CVSS8.9AI score0.04043EPSS
Exploits1
Talos
Talos
added 2019/07/29 12:0 a.m.119 views

SDL_image XPM image color code code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow,...

8.8CVSS8.8AI score0.03616EPSS
Exploits0
Talos
Talos
added 2019/07/02 12:0 a.m.88 views

Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW code execution vulnerability

Summary An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...

8.8CVSS8.8AI score0.04043EPSS
Exploits1
Talos
Talos
added 2019/07/02 12:0 a.m.79 views

Simple DirectMedia Layer SDL2_image IMG_LoadPCX_RW signed comparison code execution vulnerability

Summary An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provid...

8.8CVSS8.9AI score0.04515EPSS
Exploits1
Talos
Talos
added 2019/07/01 12:0 a.m.71 views

Google V8 Array.prototype Memory Corruption Vulnerability

Summary A specific JavaScript code can trigger a memory corruption in V8 7.3.492.17 which could potentially be abused for remote code execution. In order to trigger this vulnerability in the context of a browser, such as Google Chrome, the victim would need to visit a malicious web page. Tested...

8.8CVSS8.7AI score0.01985EPSS
Exploits0
Talos
Talos
added 2019/06/17 12:0 a.m.158 views

KCodes NetUSB unauthenticated remote kernel information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and se...

5.8CVSS5.5AI score0.02119EPSS
Exploits0
Talos
Talos
added 2019/06/14 12:0 a.m.64 views

KCodes NetUSB unauthenticated remote kernel arbitrary memory read vulnerability

Summary An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid...

10CVSS9AI score0.03562EPSS
Exploits0
Talos
Talos
added 2019/06/10 12:0 a.m.227 views

Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS Release PLC Reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to invalidate a session without...

9.8CVSS9.7AI score0.29575EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.279 views

Schneider Electric Modicon M580 UMAS function code 0x28 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x28 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.01821EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.945 views

Schneider Electric Modicon M580 UMAS Read Memory Block Out Of Bounds Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS memory block read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted UMAS request can cause an out of bounds read, resulting in disclosure of sensitive...

7.5CVSS7.7AI score0.03413EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.193 views

Schneider Electric Modicon M580 UMAS function code 0x65 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x65 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.02304EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.219 views

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

9.8CVSS9.9AI score0.08161EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.158 views

Schneider Electric Modicon M580 UMAS strategy read information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS strategy read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of the programmed...

7.5CVSS7.6AI score0.03413EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.137 views

Schneider Electric Modicon M580 UnityPro reliance on untrusted inputs vulnerability

Summary An exploitable reliance on untrusted inputs vulnerability exists in the strategy transfer function of the Schneider Electric Unity Pro L Programming Software. When a specially crafted strategy is programmed to a Modicon M580 Programmable Automation Controller, and UnityProL is used to rea...

5.3CVSS5.6AI score0.01509EPSS
Exploits0
Talos
Talos
added 2019/06/10 12:0 a.m.224 views

Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability

Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...

9.8CVSS9.7AI score0.03808EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.207 views

Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability

Summary An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...

9.8CVSS9.9AI score0.35039EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.205 views

Schneider Electric Modicon M580 UMAS memory block read denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block read function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

7.5CVSS7.7AI score0.03289EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.211 views

Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...

7.5CVSS7.6AI score0.02298EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.309 views

Schneider Electric Modicon M580 UMAS write system coils and holding registers denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS write system coils and holding registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a...

7.5CVSS7.7AI score0.01582EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.149 views

Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

7.5CVSS7.8AI score0.02626EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.161 views

Schneider Electric Modicon M580 UMAS memory block write denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block write functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.01582EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.215 views

Schneider Electric Modicon M580 UMAS function code 0x6d multiple denial-of-service vulnerabilities

Summary Multiple denial-of-service vulnerabilities exist in the UMAS protocol functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. Specially crafted UMAS commands can cause the device to enter a non-recoverable fault state, resulting in...

7.5CVSS8.1AI score0.03614EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.197 views

Schneider Electric Modicon M580 UMAS write system bits and blocks denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS write system bits and blocks functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a...

7.5CVSS7.6AI score0.02236EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.150 views

Schneider Electric Modicon M580 UMAS read memory block information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS read memory block function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of memory, resulting...

7.5CVSS7.6AI score0.03279EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.206 views

Schneider Electric Modicon M580 UMAS strategy transfer denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS strategy transfer functionality of the Schneider Electric Modicon M580 programmable automation controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a recoverable fault state,...

7.5CVSS7.8AI score0.03289EPSS
Exploits1
Talos
Talos
added 2019/06/04 12:0 a.m.153 views

Jenkins Artifactory Plugin fillCredentialsIdItems information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the fillCredentialsIdItems endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled -...

4.3CVSS4.5AI score0.01876EPSS
Exploits1
Talos
Talos
added 2019/06/04 12:0 a.m.204 views

Jenkins Artifactory Plugin information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...

4.3CVSS4.4AI score0.01825EPSS
Exploits1
Talos
Talos
added 2019/05/29 12:0 a.m.130 views

PaX read_kmem denial of service vulnerability

Summary An exploitable vulnerability exists in the grsecurity PaX patch for the function readkmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from versio...

5.9CVSS5.7AI score0.00745EPSS
Exploits1
Talos
Talos
added 2019/05/16 12:0 a.m.149 views

Wacom update helper tool startProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to...

7.8CVSS8AI score0.0053EPSS
Exploits0
Talos
Talos
added 2019/05/16 12:0 a.m.191 views

Wacom update helper tool start/stopLaunchDProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...

7.8CVSS7.5AI score0.00597EPSS
Exploits0
Talos
Talos
added 2019/05/14 12:0 a.m.85 views

Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability

Summary A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds...

8.8CVSS8.9AI score0.02866EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.114 views

Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...

9.3CVSS8.8AI score0.0877EPSS
Exploits0
Talos
Talos
added 2019/05/14 12:0 a.m.86 views

Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...

9.3CVSS8.9AI score0.10223EPSS
Exploits1
Total number of security vulnerabilities2218