AutoDesk AutoCAD 2019 DXF-parsing code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the DXF-parsing functionality of AutoDesk AutoCAD 2019 P.46.0.0. A specially crafted DXF file can cause a heap overflow, resulting in code execution. An attacker must convince a victim to open a malicious document in order to trigger th...
Adobe Acrobat Reader DC text field "comb" property remote code execution vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...
Rakuten Viber Android Secret Chats Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the “Secret Chats” functionality of Rakuten Viber on Android 9.3.0.6. The “Secret Chats” functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this...
ACD Systems Canvas Draw 4 FillSpan Out of Bounds Write Code Execution Vulnerability
Summary An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
ACD Systems Canvas Draw 5 Resolution_Set out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
ACD Systems Canvas Draw 5 huff table out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...
ACD Systems Canvas Draw 5 IO metadata out-of-bounds write code execution vulnerability
Summary An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image t...
Python.org CPython X509 certificate parsing denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using...
WIBU-SYSTEMS WibuKey network server management WkbProgramLow remote code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet ...
WIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability
Summary An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An...
WIBU-SYSTEMS WibuKey.sys 0x8200E804 pool corruption privilege escalation vulnerability
Summary An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 Build 2400. A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation...
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...
Pixar Renderman install helper privilege escalation vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to...
Pixar Renderman Install Helper Arbitrary File Read Privilege Escalation Vulnerability
Summary A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to...
Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Foxit PDF Reader XFA xdpContent information leak vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitati...
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...
Clean My Mac X removeLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X removeKextAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. Tested Versions Clean My Mac X 4.04 Product URLs...
Clean My Mac X pleaseTerminate denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machi...
Clean My Mac X securelyRemoveItemAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X moveItemAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful...
Clean My Mac X removePackageWithID privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
Clean My Mac X removeASL Privilege Escalation Vulnerability
Summary An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a...
Clean My Mac X disableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmymac...
CleanMyMac X removeItemAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmym...
Clean My Mac X enableLaunchdAgentAtPath privilege escalation vulnerability
Summary An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product...
CleanMyMac X truncateFileAtPath Privilege Escalation Vulnerability
Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs...
Telegram Android Secret Chats Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the “Secret Chats” functionality of the Telegram Android messaging application version 4.9.0. The “Secret Chats” functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request...
Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability
Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...
Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability
Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...
Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability
Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...
Facebook WhatsApp Desktop Multiple Web Connection Notice Bypass Vulnerability
Summary An exploitable notice bypass vulnerability exists in the multiple web connections functionality of Facebook WhatsApp Desktop version 0.2.9739. This functionality allows a user to choose what to do when multiple desktop sessions are initiated using WhatsApp Desktop. By stealing the session...
Signal Messenger Android self deleting messages Information Disclosure Vulnerability
Summary Signal Messenger for Android 4.24.8 may expose private information when using “disappearing messages.” If a user uses the photo feature available in the “attach file” menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system...
Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities
Summary Three exploitable command injection vulnerabilities exist in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...
Atlantis Word Processor open document format unchecked NewAnsiString length remote code execution vulnerability
Summary An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...
Atlantis Word Processor Huffman table code length remote code execution vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...
Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability
Summary An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must...
TP-Link TL-R600VPN HTTP server ping address remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to...
TP-Link TL-R600VPN HTTP server information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an...
TP-Link TL-R600VPN HTTP Server fs directory Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP...
TP-Link TL-R600VPN HTTP server denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an...
Yi Technology Home Camera 27US p2p_tnp cleartext data transmission vulnerability
Summary An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Yi Technology Home Camera 27US 1.8.7.0D Product URLs...
Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability
Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...
Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability
Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...
Yi Technology Home Camera 27US notice_to denial-of-service vulnerability
Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...
Yi Technology Home Camera 27US CRCDec denial-of-service vulnerability
Summary An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...