
2218 matches found

Talos
added 2018/07/10 12:0 a.m., 48 views

Antenna House Office Server Document Converter vbputanld code execution vulnerability

Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...

CVSS 8.8, AI score 8.4, EPSS 0.02052
Exploits: 1
Talos
added 2018/07/10 12:0 a.m., 87 views

Adobe Acrobat Reader DC JSON Stringify Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a use-after-free condition when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...

CVSS 10, AI score 9.4, EPSS 0.10486
Exploits: 0
Talos
added 2018/07/10 12:0 a.m., 45 views

Antenna House Office Server Document Converter putlsttbl code execution vulnerability

Summary An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to a stack-based buffer overflow,...

CVSS 8.8, AI score 8.4, EPSS 0.02525
Exploits: 1
Talos
added 2018/07/10 12:0 a.m., 90 views

Adobe Acrobat Reader DC Collab.drivers Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to an object type confusion when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...

CVSS 10, AI score 9.7, EPSS 0.08818
Exploits: 0
Talos
added 2018/07/10 12:0 a.m., 43 views

Antenna House Office Server Document Converter vbgetfp code execution vulnerability

Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...

CVSS 8.8, AI score 8.1, EPSS 0.01639
Exploits: 0
Talos
added 2018/07/10 12:0 a.m., 38 views

Antenna House Office Server Document Converter GetShapePropery 0x105 code execution vulnerability

Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...

CVSS 8.8, AI score 8.3, EPSS 0.02035
Exploits: 1
Talos
added 2018/07/10 12:0 a.m., 43 views

Adobe Acrobat Reader DC Collab newWrStreamToCosObj Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to an object type confusion when opening a PDF document in Adobe Acrobat Reader DC 2018.011.20038. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim wou...

CVSS 10, AI score 9.6, EPSS 0.08849
Exploits: 0
Talos
added 2018/07/10 12:0 a.m., 45 views

Antenna House Office Server Document Converter putShapeProperty Code Execution Vulnerability

Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in...

CVSS 8.8, AI score 8.2, EPSS 0.02489
Exploits: 1
Talos
added 2018/07/03 12:0 a.m., 96 views

IBM AIX rmsock SetUID Binary Information Leak

Summary An exploitable kernel memory leak vulnerability is exposed by the rmsock setUID functionality of IBM AIX 6.1 and IBM AIX 7.1. A specially crafted command line can cause a kernel memory leak, resulting in uninitialized kernel memory being exposed. An attacker can execute rmuser with an...

CVSS 5.5, AI score 4.7, EPSS 0.00425
Exploits: 0
Talos
added 2018/06/28 12:0 a.m., 52 views

VMware Workstation 14 Shader Functionality Denial Of Service

Summary An exploitable denial-of-service vulnerability exists in the VMware Workstation 14. A specially crafted pixel shader can cause a read access violation resulting in, at least, denial of service. An attacker can provide a specially crafted shader file either in binary or text form to trigge...

CVSS 8.1, AI score 7.8, EPSS 0.02975
Exploits: 0
Talos
added 2018/06/19 12:0 a.m., 47 views

Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger...

CVSS 9.9, AI score 9.4, EPSS 0.01293
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 195 views

Insteon Hub PubNub "cc" Channel Message Handler Multiple Stack Overflow Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An...

AI score 9.7
Exploits: 0
Talos
added 2018/06/19 12:0 a.m., 82 views

Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability

Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the kind of firmware image that is...

CVSS 8.7, AI score 7.5, EPSS 0.00512
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 44 views

Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary...

AI score 9.1
Exploits: 0
Talos
added 2018/06/19 12:0 a.m., 53 views

Insteon Hub HTTPExecuteGet Firmware Update Information Leak Vulnerability

Summary An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can sen...

CVSS 9.6, AI score 6.9, EPSS 0.01767
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 47 views

Insteon Hub PubNub Firmware Downgrade Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the firmware version that is going to be...

CVSS 8.6, AI score 7.8, EPSS 0.01119
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 51 views

Insteon Hub PubNub "ad" Channel Message Handler Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the PubNub message handler for the “ad” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVSS 8.5, AI score 8.2, EPSS 0.01081
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 39 views

Insteon Hub Reboot Task Denial Of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send an UDP packet to trigger this vulnerability. Tested Versions Insteon Hub...

CVSS 7.8, AI score 7.5, EPSS 0.01731
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 41 views

Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities

Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...

AI score 9.5
Exploits: 0
Talos
added 2018/06/19 12:0 a.m., 38 views

Insteon Hub HTTPExecuteGet Firmware Update host Parameter Buffer Overflow Vulnerability

Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET...

CVSS 9.9, AI score 7.9, EPSS 0.01118
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 43 views

Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...

CVSS 9.9, AI score 9.6, EPSS 0.01438
Exploits: 2
Talos
added 2018/06/19 12:0 a.m., 582 views

Insteon Hub MPFS Upload Firmware Update Vulnerability

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

CVSS 9.9, AI score 9.2, EPSS 0.01656
Exploits: 1
Talos
added 2018/06/14 12:0 a.m., 66 views

Pixar Renderman IT Display Service 0x69 Command Denial-of-Service Vulnerability

Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...

CVSS 7.5, AI score 6.3, EPSS 0.01633
Exploits: 1
Talos
added 2018/06/14 12:0 a.m., 70 views

Pixar Renderman IT Display Service 0x67 Command Denial of Service Vulnerability

Summary A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer...

CVSS 7.5, AI score 6.4, EPSS 0.01617
Exploits: 1
Talos
added 2018/06/12 12:0 a.m., 286 views

Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability

Summary An exploitable heap corruption exists in the LoadIntegrityInfo function of wimgapi version 10.0.16299.15 WinBuild.160101.0800. A crafted WIM image can lead to a heap corruption, resulting in direct code execution. Tested Versions WIMGAPI 10.0.16299.15 WinBuild.160101.0800 Product URLs...

CVSS 7.8, AI score 7.1, EPSS 0.24706
Exploits: 1
Talos
added 2018/06/05 12:0 a.m., 96 views

Ocularis Recorder VMS_VA Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. Test...

CVSS 7.5, AI score 7.7, EPSS 0.01938
Exploits: 1
Talos
added 2018/05/31 12:0 a.m., 94 views

Natus Xltek EEG NeuroWorks Invalid KeyTree Entry Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...

CVSS 7.5, AI score 7.5, EPSS 0.01388
Exploits: 0
Talos
added 2018/05/31 12:0 a.m., 31 views

Natus Xltek EEG NeuroWorks ItemList Traversal Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...

CVSS 7.5, AI score 7.4, EPSS 0.01597
Exploits: 0
Talos
added 2018/05/31 12:0 a.m., 37 views

Natus Xltek EEG NeuroWorks ItemList Deserialization Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this...

CVSS 7.5, AI score 7.6, EPSS 0.01388
Exploits: 0
Talos
added 2018/05/15 12:0 a.m., 94 views

Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability

Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...

CVSS 10, AI score 9.7, EPSS 0.15976
Exploits: 1
Talos
added 2018/05/15 12:0 a.m., 64 views

Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability

Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...

CVSS 10, AI score 9.7, EPSS 0.09178
Exploits: 1
Talos
added 2018/05/07 12:0 a.m., 130 views

Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon 2.2.1. mmmagentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...

CVSS 10, AI score 10, EPSS 0.06164
Exploits: 4
Talos
added 2018/04/26 12:0 a.m., 84 views

Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability

Summary An exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. Tested Versions Perceptive Document...

CVSS 8.8, AI score 8.3, EPSS 0.01951
Exploits: 2
Talos
added 2018/04/26 12:0 a.m., 47 views

Hyland Perceptive Document Filters OpenDocument to JPEG conversion SkCanvas Code Execution vulnerability

Summary An exploitable double free exists in the OpenDocument to JPEG conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. Tested Versions Perceptive...

CVSS 8.8, AI score 8.9, EPSS 0.02785
Exploits: 1
Talos
added 2018/04/26 12:0 a.m., 32 views

Hyland Perceptive Document Filters Microsoft Word CDATA Code Execution Vulnerability

Summary An exploitable heap corruption exists in the Microsoft Word to many types conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted Microsoft Word XML document can lead to heap corruption resulting in remote code execution. An attacker can provide ...

CVSS 8.8, AI score 9.4, EPSS 0.0283
Exploits: 1
Talos
added 2018/04/26 12:0 a.m., 53 views

Hyland Perceptive Document Filters DOCX to HTML Code Execution Vulnerability

Summary An exploitable use after free exists in the DOCX to HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted DOCX document can lead to a use-after-free resulting in direct code execution. Tested Versions Perceptive Document Filters 11.4.0.264...

CVSS 8.8, AI score 8.8, EPSS 0.03041
Exploits: 1
Talos
added 2018/04/19 12:0 a.m., 203 views

SAP BPC Web Application Information Disclosure Vulnerability

Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...

CVSS 5.5, AI score 6.9, EPSS 0.01192
Exploits: 0
Talos
added 2018/04/19 12:0 a.m., 47 views

Foxit PDF Reader AssociatedFile Annotation Type Confusion

Summary An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory...

CVSS 8.8, AI score 7.8, EPSS 0.24033
Exploits: 2
Talos
added 2018/04/19 12:0 a.m., 94 views

Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

CVSS 8.8, AI score 8.9, EPSS 0.0287
Exploits: 1
Talos
added 2018/04/19 12:0 a.m., 34 views

SAP BPC Web Application Information Disclosure Vulnerability

Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HT...

CVSS 8.1, AI score 7, EPSS 0.01192
Exploits: 0
Talos
added 2018/04/19 12:0 a.m., 54 views

Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to tric...

CVSS 8.8, AI score 8.8, EPSS 0.03356
Exploits: 2
Talos
added 2018/04/19 12:0 a.m., 38 views

Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability

Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...

CVSS 8.8, AI score 8.7, EPSS 0.03221
Exploits: 2
Talos
added 2018/04/19 12:0 a.m., 35 views

Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

CVSS 8.8, AI score 8.9, EPSS 0.03411
Exploits: 2
Talos
added 2018/04/17 12:0 a.m., 1835 views

Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access, can fully compromise the device by performing a firmware...

CVSS 9.6, AI score 8.4, EPSS 0.01106
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 42 views

Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability

Summary An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Tested Versions Mo...

CVSS 8.8, AI score 8.9, EPSS 0.01011
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 44 views

Moxa EDR-810 Server Agent Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Tested Versions Moxa...

CVSS 7.5, AI score 5.7, EPSS 0.48138
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 42 views

Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...

CVSS 9, AI score 9, EPSS 0.04328
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 49 views

Moxa EDR-810 Web Server Weak Cryptography for Passwords Vulnerability

Summary An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. Tested Versions Moxa EDR-810 V4.1 build 17030317 Product URLs...

CVSS 8, AI score 5.4, EPSS 0.0071
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 31 views

Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...

CVSS 9, AI score 9.1, EPSS 0.04024
Exploits: 2
Talos
added 2018/04/13 12:0 a.m., 43 views

Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities

Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to “/MOXALOG.ini, /MOXACFG.ini, o...

CVSS 7.5, AI score 7.3, EPSS 0.0219
Exploits: 4
Total number of security vulnerabilities: 2218