2218 matches found

Talos
added 2018/12/06 12:00 a.m. | 46 views

Signal Messenger Android self deleting messages Information Disclosure Vulnerability

Summary Signal Messenger for Android 4.24.8 may expose private information when using “disappearing messages.” If a user uses the photo feature available in the “attach file” menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system...

CVSS 4.7 | AI score 4.3 | EPSS 0.00507 | Exploits 1

Talos
added 2018/12/03 12:00 a.m. | 80 views

Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities

Summary Three exploitable command injection vulnerabilities exist in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...

CVSS 7.2 | AI score 7.7 | EPSS 0.7221 | Exploits 3

Talos
added 2018/11/20 12:00 a.m. | 241 views

Atlantis Word Processor Huffman table code length remote code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01426 | Exploits 1

Talos
added 2018/11/20 12:00 a.m. | 233 views

Atlantis Word Processor rich text format uninitialized TAutoList remote code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must...

CVSS 8.8 | AI score 7.8 | EPSS 0.01006 | Exploits 1

Talos
added 2018/11/20 12:00 a.m. | 244 views

Atlantis Word Processor open document format unchecked NewAnsiString length remote code execution vulnerability

Summary An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...

CVSS 8.8 | AI score 8 | EPSS 0.01279 | Exploits 1

Talos
added 2018/11/19 12:00 a.m. | 278 views

TP-Link TL-R600VPN HTTP server denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an...

CVSS 7.5 | AI score 7.4 | EPSS 0.23061 | Exploits 1

Talos
added 2018/11/19 12:00 a.m. | 336 views

TP-Link TL-R600VPN HTTP server information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an...

CVSS 7.5 | AI score 7.7 | EPSS 0.53297 | Exploits 1

Talos
added 2018/11/19 12:00 a.m. | 355 views

TP-Link TL-R600VPN HTTP server ping address remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to...

CVSS 8.8 | AI score 8.2 | EPSS 0.02917 | Exploits 1

Talos
added 2018/11/19 12:00 a.m. | 295 views

TP-Link TL-R600VPN HTTP Server fs directory Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP...

CVSS 7.2 | AI score 7.6 | EPSS 0.03928 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 769 views

Yi Technology Home Camera 27US p2p_tnp cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Yi Technology Home Camera 27US 1.8.7.0D Product URLs...

CVSS 9 | AI score 8.3 | EPSS 0.01257 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 530 views

Yi Technology Home Camera 27US QR Code trans_info Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability...

CVSS 8.3 | AI score 8.1 | EPSS 0.01932 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 546 views

Yi Technology Home Camera 27US Firmware 7z CRC Collision Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this...

CVSS 7.6 | AI score 6.9 | EPSS 0.00586 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 592 views

Yi Technology Home Camera 27US Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability. Tested Versions...

CVSS 5.7 | AI score 4.8 | EPSS 0.00402 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 517 views

Yi Technology Home Camera 27US nonce reuse authentication bypass vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to...

CVSS 9.8 | AI score 9.4 | EPSS 0.02633 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 525 views

Yi Technology Home Camera 27US cloudAPI SSID Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerabilit...

CVSS 8.8 | AI score 8.5 | EPSS 0.01635 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 574 views

Yi Technology Home Camera 27US QR Code Base64 Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability...

CVSS 9.1 | AI score 8.8 | EPSS 0.02582 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 514 views

Yi Technology Home Camera 27US notice_to denial-of-service vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

CVSS 7.5 | AI score 7.6 | EPSS 0.02253 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 526 views

Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

CVSS 9.6 | AI score 8.3 | EPSS 0.02655 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 862 views

Yi Technology Home Camera 27US Firmware Update Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...

CVSS 7.6 | AI score 7.3 | EPSS 0.01672 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 516 views

Yi Technology Home Camera 27US CRCDec denial-of-service vulnerability

Summary An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability...

CVSS 7.5 | AI score 7.8 | EPSS 0.02253 | Exploits 1

Talos
added 2018/10/31 12:00 a.m. | 514 views

Simple DirectMedia Layer SDL2_Image do_layer_surface code execution vulnerability

Summary An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. Tested...

CVSS 8.8 | AI score 9 | EPSS 0.03479 | Exploits 1

Talos
added 2018/10/26 12:00 a.m. | 513 views

MKVToolNix MKVINFO read_one_element code execution vulnerability

Summary A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV matroska file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. Tested Versions MKVToolNix mkvinfo v25.0.0 ‘Prog Noir’ 64-bit Product URLs...

CVSS 7.8 | AI score 7.5 | EPSS 0.01522 | Exploits 1

Talos
added 2018/10/25 12:00 a.m. | 565 views

Sophos HitmanPro.Alert hmpalert 0x2222CC privilege escalation vulnerability

Summary An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption. An attacker can...

CVSS 9.3 | AI score 8.1 | EPSS 0.00541 | Exploits 1

Talos
added 2018/10/25 12:00 a.m. | 574 views

Sophos HitmanPro.Alert hmpalert 0x222000 kernel memory disclosure vulnerability

Summary An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP...

CVSS 5.5 | AI score 5.2 | EPSS 0.00487 | Exploits 1

Talos
added 2018/10/18 12:00 a.m. | 541 views

Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability

Summary An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVSS 10 | AI score 9.7 | EPSS 0.09487 | Exploits 3

Talos
added 2018/10/16 12:00 a.m. | 542 views

Linksys ESeries multiple OS command injection vulnerabilities

Summary Multiple exploitable operating system command injections exist in the Linksys ESeries line of routers. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an...

AI score 7.9 | Exploits 0

Talos
added 2018/10/10 12:00 a.m. | 591 views

Microsoft WindowsCodecs.dll SniffAndConvertToWideString information leak vulnerability

Summary An exploitable memory leak vulnerability exists in the SniffAndConvertToWideString function of WindowsCodecs.dll 10.0.17134.1. A specially crafted JPEG file can cause the library to return uninitialized memory, resulting in an information leak. A victim would have to interact with a...

CVSS 5.5 | AI score 5.8 | EPSS 0.0436 | Exploits 0

Talos
added 2018/10/09 12:00 a.m. | 573 views

Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in Intel’s Unified Shader Compiler for Intel® Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text...

CVSS 6.5 | AI score 7.4 | EPSS 0.00437 | Exploits 0

Talos
added 2018/10/09 12:00 a.m. | 585 views

Intel Unified Shader Compiler for Intel Graphics Accelerator Pointer Corruption

Summary An exploitable pointer corruption vulnerability exists in Intel’s Unified Shader Compiler for Intel® Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause a pointer corruption resulting in at least denial of service or, if exploited successfully, code executio...

CVSS 7.8 | AI score 7.5 | EPSS 0.00871 | Exploits 0

Talos
added 2018/10/09 12:00 a.m. | 520 views

Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in Intel’s Unified Shader Compiler for Intel® Graphics Accelerator 10.18.14.4889. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text...

CVSS 5.5 | AI score 6.7 | EPSS 0.00482 | Exploits 0

Talos
added 2018/10/09 12:00 a.m. | 109 views

Intuit Quicken Deluxe 2018 for Mac Password Protection Authentication Bypass Vulnerability

Summary An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data withou...

CVSS 7.1 | AI score 7 | EPSS 0.00432 | Exploits 1

Talos
added 2018/10/09 12:00 a.m. | 655 views

VMware Workstation 14 Shader Functionality Assert Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in VMware Workstation 14. A specially crafted pixel shader can cause denial-of-service issues. An attacker can provide a specially crafted shader file either in binary or text form to trigger this vulnerability. This vulnerability can ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00426 | Exploits 0

Talos
added 2018/10/03 12:00 a.m. | 653 views

Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability

Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...

CVSS 8.8 | AI score 8.9 | EPSS 0.01469 | Exploits 0

Talos
added 2018/10/02 12:00 a.m. | 490 views

Adobe Acrobat Reader DC collab review server remote code execution vulnerability

Summary Specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20040. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...

CVSS 9.3 | AI score 7.8 | EPSS 0.04833 | Exploits 0

Talos
added 2018/10/01 12:00 a.m. | 522 views

Atlantis Word Processor Word document paragraph property (0xD608) sprmTDefTable uninitialized length code execution vulnerability

Summary An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a...

CVSS 8.8 | AI score 8 | EPSS 0.01389 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 318 views

Atlantis Word Processor Windows Enhanced Metafile Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01021 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 290 views

Foxit PDF Reader JavaScript JSON.Stringify this remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02577 | Exploits 0

Talos
added 2018/10/01 12:00 a.m. | 498 views

Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02577 | Exploits 0

Talos
added 2018/10/01 12:00 a.m. | 517 views

Atlantis Word Processor Office Open XML TTableRow double free code execution vulnerability

Summary An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope...

CVSS 8.8 | AI score 7.9 | EPSS 0.01036 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 497 views

Foxit PDF Reader JavaScript page change remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.4 | EPSS 0.02848 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 517 views

Foxit PDF Reader Javascript importDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.5 | EPSS 0.03155 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 502 views

Foxit PDF Reader JavaScript this.event.target Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.2 | EPSS 0.06219 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 508 views

Foxit PDF Reader JavaScript getNthFieldName remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 498 views

Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 289 views

Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.5 | EPSS 0.03039 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 330 views

Atlantis Word Processor document endnote reference code execution vulnerability

Summary An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis word processor. A specially crafted document can prevent Atlantis from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bound...

CVSS 8.8 | AI score 8 | EPSS 0.0128 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 319 views

Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability

Summary An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. Tested Version...

CVSS 7.8 | AI score 7.6 | EPSS 0.01202 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 530 views

Atlantis Word Processor Office Open XML uninitialized TTableRow code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later...

CVSS 8.8 | AI score 7.8 | EPSS 0.01456 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 537 views

Foxit PDF Reader JavaScript getPageNumWords remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.1 | EPSS 0.09482 | Exploits 1

Talos
added 2018/10/01 12:00 a.m. | 331 views

Atlantis Word Processor JPEG length underflow code execution vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00889 | Exploits 1

Total number of security vulnerabilities: 2218