2218 matches found
CUJO Smart Firewall mdnscap mDNS SRV record denial-of-service vulnerability
Summary An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the “RDLENGTH” value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An...
CUJO Smart Firewall threatd hostname reputation check code execution vulnerability
Summary An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement...
CUJO Smart Firewall safe browsing Host header-parsing firewall bypass vulnerability
Summary An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The “Host” header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit...
Das U-Boot verified boot bypass
Summary An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot’s verified boot and execute an unsigned kernel, embedded in...
CUJO Smart Firewall static DHCP hostname command injection vulnerability
Summary An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system...
CleanMyMac X incomplete update patch privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access c...
WAGO e!Cockpit authentication hard-coded encryption key vulnerability
Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...
WAGO e!COCKPIT Firmware Downgrade Vulnerability
Summary An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...
WAGO PFC200 iocheckd service "I/O-Check" cache DNS code execution vulnerability
Summary An exploitable stack buffer overflow vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send...
Pixar Renderman Install Helper Privilege Escalation Vulnerability
Summary A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0’s Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful...
Antenna House Rainbow PDF Office server document converter getSummaryInformation NumProperties code execution vulnerability
Summary A heap overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 7,0,2018,1113. While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation...
McAfee GetSusp VersionInfo Parsing Denial of Service Vulnerability
Summary An exploitable Denial of Service vulnerability exists in the file scanning functionality of McAfee GetSusp 3.0.0.461. A specially crafted executable can cause an infinite loop resulting in a Denial of Service. An attacker can scan this executable to trigger this vulnerability. Tested...
AutoDesk AutoCAD 2019 DXF-parsing code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file can cause a heap overflow, resulting in code execution. An attacker must convince a victim to open a malicious document in order to trigger th...
AutoDesk AutoCAD 2019 LinetypeTableRecord Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019. A specially crafted DXF file can cause a use-after-free vulnerability, resulting in code execution. Tested Versions AutoDesk AutoCAD 2019 P.46.0.0 Product URLs...
AutoDesk AutoCAD 2019 cell margin code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file with too many cell margins populating an AcCellMargin object can cause a heap overflow, resulting in code execution. An attacker can provide a...
Adobe Acrobat Reader DC text field "comb" property remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Rakuten Viber Android Secret Chats Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the “Secret Chats” functionality of Rakuten Viber on Android 9.3.0.6. The “Secret Chats” functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this...
ACD Systems Canvas Draw 4 FillSpan Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
ACD Systems Canvas Draw 5 huff table out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
ACD Systems Canvas Draw 5 Resolution_Set out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
ACD Systems Canvas Draw 5 IO metadata out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image t...
WIBU-SYSTEMS WibuKey.sys 0x8200E804 pool corruption privilege escalation vulnerability
Summary An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation...
WIBU-SYSTEMS WibuKey network server management WkbProgramLow remote code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet ...
Python.org CPython X509 certificate parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using...
WIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability
Summary An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An...
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition TOCTTOU that allows arbitrary execution o...
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...
Pixar Renderman install helper privilege escalation vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to...
Pixar Renderman Install Helper Arbitrary File Read Privilege Escalation Vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to...
Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Foxit PDF Reader XFA xdpContent information leak vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitati...
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
Clean My Mac X disableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
Clean My Mac X removePackageWithID privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X removeItemAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmym...
CleanMyMac X moveItemAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful...
Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X removeKextAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...
Clean My Mac X pleaseTerminate denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machi...
Clean My Mac X removeASL Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a...
Clean My Mac X enableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
Clean My Mac X securelyRemoveItemAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmymac...
Telegram Android Secret Chats Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the “Secret Chats” functionality of the Telegram Android messaging application version 4.9.0. The “Secret Chats” functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request...
Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability
Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...
Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability
Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...
Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...
Facebook WhatsApp Desktop Multiple Web Connection Notice Bypass Vulnerability
Summary An exploitable notice bypass vulnerability exists in the multiple web connections functionality of Facebook WhatsApp Desktop version 0.2.9739. This functionality allows a user to choose what to do when multiple desktop sessions are initiated using WhatsApp Desktop. By stealing the session...