Lucene search
K

2224 matches found

Talos
Talos
added 2019/05/29 12:0 a.m.131 views

PaX read_kmem denial of service vulnerability

Summary An exploitable vulnerability exists in the grsecurity PaX patch for the function readkmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from versio...

5.9CVSS5.7AI score0.00745EPSS
Exploits1
Talos
Talos
added 2019/05/16 12:0 a.m.150 views

Wacom update helper tool startProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to...

7.8CVSS8AI score0.0053EPSS
Exploits0
Talos
Talos
added 2019/05/16 12:0 a.m.191 views

Wacom update helper tool start/stopLaunchDProcess privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...

7.8CVSS7.5AI score0.00597EPSS
Exploits0
Talos
Talos
added 2019/05/14 12:0 a.m.87 views

Adobe Acrobat Reader DC OCGs state change remote code execution vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.10.20069. This can lead to arbitrary code execution with careful memory manipulation. The victim would need to open the malicious file or...

9.3CVSS8.9AI score0.10223EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.85 views

Antenna House Rainbow PDF Office server document converter TxMasterStyleAtom parsing code execution vulnerability

Summary A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 7,0,2019,0220. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds...

8.8CVSS8.9AI score0.02866EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.115 views

Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...

9.3CVSS8.8AI score0.0877EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.140 views

Novatek NT9665X XML_UploadFile WifiCmd denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any...

7.8CVSS6.2AI score0.01735EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.143 views

Novatek NT9665X XML_GetThumbNail denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Tested...

7.8CVSS7.5AI score0.0164EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.142 views

Novatek NT9665X HFS Recv buffer overflow code execution vulnerability

Summary An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code executio...

10CVSS9.3AI score0.02853EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.425 views

Anker Roav A1 Dashcam HTTP Path Overflow Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this...

8.8CVSS8.3AI score0.00707EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.149 views

Novatek NT9665X XML_GetScreen Strncmp denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the XMLGetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot...

7.8CVSS7.5AI score0.01469EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.734 views

Anker Roav A1 Dashcam Wifi AP Default Credential Vulnerability

Summary An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version “RoavA1SWV1.9.” A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. Tested Versions Anke...

8.8CVSS7.6AI score0.00494EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.101 views

Novatek NT9665X HFS Overwrite denial-of-service vulnerability

Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9.” The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send a...

7.8CVSS6.3AI score0.01393EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.141 views

Novatek NT9665X XML_UploadFile path overflow code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Tested...

10CVSS9.4AI score0.02825EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.576 views

Novatek NT9665X HTTP Upload Firmware Update Vulnerability

Summary An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version “RoavA1SWV1.9”. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT...

10CVSS9.1AI score0.02332EPSS
Exploits1
Talos
Talos
added 2019/05/13 12:0 a.m.150 views

Anker Roav A1 Dashcam WifiCmd 9999 Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Anker Roav A1...

9.8CVSS8.8AI score0.02234EPSS
Exploits0
Talos
Talos
added 2019/05/13 12:0 a.m.138 views

Novatek NT9665X XML_GetRawEncJpg denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the XMLGetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version “RoavA1SWV1.9”. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Teste...

7.8CVSS7.5AI score0.0164EPSS
Exploits1
Talos
Talos
added 2019/05/09 12:0 a.m.170 views

Sqlite3 Window Function Remote Code Execution Vulnerability

Summary An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this...

8.1CVSS8.4AI score0.06683EPSS
Exploits1
Talos
Talos
added 2019/05/08 12:0 a.m.99 views

Winco Fireworks FireFly Bluetooth Low Energy Improper Access Control Vulnerability

Summary An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Tested Versions Winco Fireworks FireFly FW-1007 V2.0 Product URLs...

6.5CVSS6.9AI score0.00645EPSS
Exploits0
Talos
Talos
added 2019/05/08 12:0 a.m.139 views

Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability

Summary Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December t2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...

10CVSS9.7AI score0.06263EPSS
Exploits2
Talos
Talos
added 2019/05/06 12:0 a.m.115 views

Jenkins Ansible Tower Plugin information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the testTowerConnection function of the Jenkins Ansible Tower Plugin 0.9.1. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of thi...

8.8CVSS8.4AI score0.01525EPSS
Exploits0
Talos
Talos
added 2019/05/06 12:0 a.m.104 views

Jenkins Swarm Plugin XML external entities information disclosure vulnerability

Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...

9.3CVSS9.2AI score0.01794EPSS
Exploits0
Talos
Talos
added 2019/05/06 12:0 a.m.144 views

Jenkins GitLab Plugin Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the testConnection functionality of the Jenkins GitLab Plugin 1.5.11. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of this plug...

8CVSS7.5AI score0.01355EPSS
Exploits0
Talos
Talos
added 2019/04/25 12:0 a.m.165 views

Sierra Wireless AirLink ES450 ACEManager iplogging.cgi command injection vulnerability

Summary An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HT...

9CVSS8.8AI score0.19488EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.43 views

Sierra Wireless AirLink ES450 ACEManager Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this...

5.3CVSS5.6AI score0.11396EPSS
Exploits2
Talos
Talos
added 2019/04/25 12:0 a.m.87 views

Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an...

9CVSS9.2AI score0.27851EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.45 views

Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability

Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the devi...

7.5CVSS7.8AI score0.04011EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.97 views

Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the ACEManager templateload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can ma...

6.5CVSS7AI score0.04132EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.67 views

Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross-Site Scripting Vulnerability

Summary An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on...

6.1CVSS6.6AI score0.05233EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.68 views

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure Vulnerability

Summary An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information,...

8.8CVSS8.8AI score0.18647EPSS
Exploits4
Talos
Talos
added 2019/04/25 12:0 a.m.56 views

Sierra Wireless AirLink ES450 ACEManager Cross-Site Request Forgery Vulnerability

Summary An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests bein...

8.8CVSS8.7AI score0.02188EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.58 views

Sierra Wireless AirLink ES450 SNMPD hard-coded credentials vulnerability

Summary A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in a hard-coded, in the exposure of a privileged user. An attacker can...

9.3CVSS8.1AI score0.05324EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.53 views

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment Vulnerability

Summary An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An...

8.8CVSS9AI score0.26556EPSS
Exploits4
Talos
Talos
added 2019/04/25 12:0 a.m.53 views

Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change Vulnerability

Summary An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password ...

7.1CVSS7.1AI score0.16106EPSS
Exploits3
Talos
Talos
added 2019/04/23 12:0 a.m.128 views

Symantec Endpoint Protection Small Business Edition ccSetx86.sys 0x224844 kernel memory information disclosure vulnerability

Summary An exploitable kernel memory disclosure vulnerability exists in the 0x224844 IOCTL handler function of Symantec Endpoint Protection Small Business Edition ccSetx86.sys, version 16.0.0.77. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in...

6.5CVSS6AI score0.00386EPSS
Exploits0
Talos
Talos
added 2019/04/15 12:0 a.m.518 views

Shimo VPN helper tool deleteConfig denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. Tested...

9CVSS7.4AI score0.00386EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.159 views

Shimo VPN helper tool RunVpncScript privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privilege...

9.3CVSS8.2AI score0.00422EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.146 views

Shimo VPN helper tool configureRoutingWithCommand privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a...

9.3CVSS8.1AI score0.0068EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.107 views

Shimo VPN helper tool writeConfig privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...

9.3CVSS8AI score0.0068EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.223 views

Shimo VPN helper tool code-signing privilege escalation vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully...

8.8CVSS8.1AI score0.00443EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.77 views

Shimo VPN Helper Tool disconnectService denial-of-service vulnerability

Summary An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. Teste...

7.1CVSS6AI score0.00376EPSS
Exploits1
Talos
Talos
added 2019/04/15 12:0 a.m.116 views

VMware Workstation 15 vertex shader functionality denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 15. A specially crafted vertex shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware gues...

6.8CVSS6.4AI score0.01666EPSS
Exploits0
Talos
Talos
added 2019/04/09 12:0 a.m.63 views

Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

9.3CVSS9.4AI score0.13541EPSS
Exploits0
Talos
Talos
added 2019/04/08 12:0 a.m.71 views

Capsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability

Summary A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in ful...

7.6CVSS7.3AI score0.00472EPSS
Exploits0
Talos
Talos
added 2019/03/26 12:0 a.m.83 views

GOG Galaxy Games fillProcessInformationForPids information leak vulnerability

Summary An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. Tested Versions Gog Galaxy...

6.2CVSS5.2AI score0.00357EPSS
Exploits0
Talos
Talos
added 2019/03/26 12:0 a.m.65 views

Nouveau Display Driver Remote Denial of Service

Summary A remote denial-of-service vulnerability exists in the way the Nouveau display driver the default Ubuntu Nvidia display driver handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to...

7.4CVSS6.3AI score0.01436EPSS
Exploits1
Talos
Talos
added 2019/03/26 12:0 a.m.73 views

GOG Galaxy Games createFolderAtPath privilege escalation vulnerability

Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories...

7.1CVSS5.8AI score0.00278EPSS
Exploits0
Talos
Talos
added 2019/03/26 12:0 a.m.74 views

GOG Galaxy Games privileged helper denial-of-service vulnerability

Summary An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. Tested Versions Gog...

6.2CVSS5.9AI score0.00325EPSS
Exploits0
Talos
Talos
added 2019/03/26 12:0 a.m.104 views

GOG Galaxy updater temp directory insecure file permissions local privilege elevation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. Tested Versions...

9.3CVSS8.1AI score0.00598EPSS
Exploits1
Talos
Talos
added 2019/03/26 12:0 a.m.82 views

GOG Galaxy Games changeFolderPermissionsAtPath privilege escalation vulnerability

Summary An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. Tested Versions Gog Galaxy 1.2....

7.8CVSS7.4AI score0.00353EPSS
Exploits0
Total number of security vulnerabilities2224