2218 matches found

Talos
added 2018/10/01 12:0 a.m. | 333 views

Atlantis Word Processor empty TTableRow TList code execution vulnerability

Summary An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01458
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 564 views

Atlantis Word Processor Word Document Complex Piece Descriptor Table Fc.Compressed Code Execution Vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01007
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 283 views

Foxit PDF Reader JavaScript this.dataObjects remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.2 | EPSS 0.06219
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 501 views

Foxit PDF Reader JavaScript getPageRotation remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 503 views

Foxit PDF Reader Javascript removeDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02114
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 517 views

Foxit PDF Reader JavaScript getPageNthWord remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick t...

CVSS 8.8 | AI score 8.5 | EPSS 0.03155
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 310 views

Foxit PDF Reader JavaScript this.bookmarkRoot.children remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8 | AI score 8.2 | EPSS 0.06043
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 306 views

Foxit PDF Reader JavaScript this.info multiple remote code execution vulnerabilities

Summary A total of six separate use-after-free vulnerabilities exist in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker...

CVSS 8 | AI score 8.1 | EPSS 0.02895
Exploits: 0

Talos
added 2018/10/01 12:0 a.m. | 486 views

Foxit PDF Reader JavaScript field object isDefaultChecked remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.03155
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 483 views

Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8 | AI score 8.5 | EPSS 0.03197
Exploits: 1

Talos
added 2018/10/01 12:0 a.m. | 514 views

Foxit PDF Reader JavaScript getPageBox remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.4 | EPSS 0.02577
Exploits: 0

Talos
added 2018/09/25 12:0 a.m. | 54 views

Epee Levin Packet Deserialization Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the Levin deserialization functionality of the epee library. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Tested Versions Monero...

CVSS 10 | AI score 9.7 | EPSS 0.03686
Exploits: 1

Talos
added 2018/09/07 12:0 a.m. | 71 views

ProtonVPN VPN client connect privilege escalation vulnerability

Summary An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. Tested Versions...

CVSS 10 | AI score 8.7 | EPSS 0.02538
Exploits: 0

Talos
added 2018/09/07 12:0 a.m. | 100 views

NordVPN VPN client connect privilege escalation vulnerability

Summary An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Tested Versions NordVPN 6.14.28.0 Product...

CVSS 10 | AI score 8.7 | EPSS 0.02538
Exploits: 0

Talos
added 2018/09/05 12:0 a.m. | 82 views

ERPNext SQL Injection Vulnerabilities

Summary Exploitable SQL injection vulnerabilities exist in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. Tested...

CVSS 8.8 | AI score 7.5 | EPSS 0.00912
Exploits: 3

Talos
added 2018/07/26 12:0 a.m. | 21 views

Samsung SmartThings Hub video-core database shard code execution vulnerabilities

Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “shard” table of its SQLite database, leading to a buffer...

AI score 8
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 35 views

Samsung SmartThings Hub video-core clips Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

AI score 9
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 44 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

AI score 9.1
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 32 views

Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the camera “update” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

AI score 9.8
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 66 views

Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability

Summary An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub. The hubCore process incorrectly handles malformed files existing in its “data” directory, leading to an infinite loop, which eventually causes...

CVSS 5.5 | AI score 5.4 | EPSS 0.00421
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 31 views

Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

CVSS 9.9 | AI score 9.7 | EPSS 0.01753
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 79 views

Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability

Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the “sync” operation, leading to arbitrary deleti...

CVSS 7.5 | AI score 7 | EPSS 0.00989
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 27 views

Samsung SmartThings Hub video-core credentials Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...

AI score 9.6
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 46 views

Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability

Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...

CVSS 8.8 | AI score 8.8 | EPSS 0.01553
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 43 views

Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...

CVSS 8.2 | AI score 8.3 | EPSS 0.0041
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 296 views

Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability

Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings’ remote servers, which insecurely handle JSON messages, leading to partially controll...

CVSS 8.6 | AI score 8.6 | EPSS 0.01223
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 37 views

Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “create” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the “state” field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

CVSS 9.9 | AI score 9.3 | EPSS 0.01489
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 28 views

Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stac...

CVSS 9.9 | AI score 9.8 | EPSS 0.02014
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 36 views

Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...

CVSS 9.9 | AI score 9.3 | EPSS 0.01242
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 31 views

Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “replace” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

CVSS 9.9 | AI score 9.7 | EPSS 0.01753
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 35 views

Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...

CVSS 6.8 | AI score 6 | EPSS 0.01138
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 35 views

Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability

Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

AI score 9.6
Exploits: 0

Talos
added 2018/07/26 12:0 a.m. | 883 views

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

CVSS 9.9 | AI score 9.7 | EPSS 0.03444
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 27 views

Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on...

CVSS 9.9 | AI score 9.5 | EPSS 0.01475
Exploits: 2

Talos
added 2018/07/26 12:0 a.m. | 40 views

Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “clips” table of its SQLite database, leading to a buffer overflow on...

CVSS 9.9 | AI score 9.2 | EPSS 0.00946
Exploits: 2

Talos
added 2018/07/20 12:0 a.m. | 47 views

Sony IPELA E Series Camera 802dot1xclientcert remote code execution vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to...

CVSS 10 | AI score 9.8 | EPSS 0.03299
Exploits: 0

Talos
added 2018/07/20 12:0 a.m. | 63 views

Sony IPELA E Series Camera measurementBitrateExec command injection vulnerability

Summary An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. Tested...

CVSS 9.1 | AI score 8.7 | EPSS 0.09617
Exploits: 2

Talos
added 2018/07/20 12:0 a.m. | 69 views

FocalScope XML External Entity Injection Vulnerability

Summary An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. An unauthenticated attacker could submit a specially crafted web request to FocalScope’s server that could cause an XXE, and potentially result in data compromise. Tested Versions...

CVSS 9.4 | AI score 9.6 | EPSS 0.01235
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 52 views

ACD Systems Canvas Draw 4 Resolution_Set Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...

CVSS 8.8 | AI score 8 | EPSS 0.01456
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 43 views

ACD Systems Canvas Draw 4 IO Metadata Out-of-Bounds Write Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS 8.8 | AI score 7.9 | EPSS 0.01444
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 45 views

Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8 | AI score 8.5 | EPSS 0.02347
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 40 views

ACD Systems Canvas Draw 4 Invert Map Out-of-Bounds Write Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS 8.8 | AI score 7.9 | EPSS 0.01456
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 74 views

Foxit PDF Reader Javascript MailForm Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to tri...

CVSS 8.8 | AI score 8.5 | EPSS 0.4414
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 56 views

ACD Systems Canvas Draw 4 Huff Table Out-of-bounds Write Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this...

CVSS 8.8 | AI score 8 | EPSS 0.01795
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 44 views

ACD Systems Canvas Draw 4 PlanarConfiguration Heap Overflow Code Execution Vulnerability

Summary An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerabili...

CVSS 8.8 | AI score 8.2 | EPSS 0.01455
Exploits: 1

Talos
added 2018/07/19 12:0 a.m. | 44 views

ACD Systems Canvas Draw 4 setRasterData Heap Overflow Code Execution Vulnerability

Summary An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerabili...

CVSS 8.8 | AI score 8.3 | EPSS 0.01793
Exploits: 1

Talos
added 2018/07/11 12:0 a.m. | 44 views

Computerinsel Photoline PSD Blending Channel Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerabili...

CVSS 8.8 | AI score 8.2 | EPSS 0.01469
Exploits: 1

Talos
added 2018/07/11 12:0 a.m. | 39 views

Computerinsel Photoline PCX Run Length Encoding Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS 8.8 | AI score 8 | EPSS 0.01484
Exploits: 1

Talos
added 2018/07/11 12:0 a.m. | 53 views

Computerinsel Photoline ANI Parsing Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this...

CVSS 8.8 | AI score 8.2 | EPSS 0.01469
Exploits: 1

Talos
added 2018/07/10 12:0 a.m. | 87 views

Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...

CVSS 10 | AI score 9.4 | EPSS 0.10486
Exploits: 0

Total number of security vulnerabilities: 2218