2204 matches found
Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0057 Libgraphite Bidirectional Font BracketPairStack Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable out-of-bounds access vulnerability exists in the bidirectional font handling functionality of Libgraphite. A...
Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0060 Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially...
Libgraphite directrun Opcode Handling Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0058 Libgraphite directrun Opcode Handling Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1521 Description An exploitable out-of-bounds read vulnerability exists in the opcode handling functionality of Libgraphite. A specially crafted font...
Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities
Talos Vulnerability Report TALOS-2016-0037 Matroska Media Container libmatroska Multiple ElementList Double Free Vulnerabilities January 28, 2016 CVE Number CVE-2016-1515 Description A use after free/double free vulnerability can occur in libmatroska while parsing Track elements of the MKV...
Matroska libebml EbmlUnicodeString Heap Information Leak
Talos Vulnerability Report TALOS-2016-0036 Matroska libebml EbmlUnicodeString Heap Information Leak January 28, 2016 CVE Number CVE-2015-8790 Description A specially crafted unicode string can cause an off-by-few read on the heap in unicode string parsing code in libebml. This issue can potential...
Network Time Protocol ntpq Buffer Overflow Vulnerability
CERT VU357792 Summary ntpq contains a buffer overflow. nextvar executes a memcpy into the name buffer without a proper length check against its maximum length of 256 bytes. Tested Versions ntp 4.2.8p3 NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 Product URLs http://www.ntp.orghttp://www.ntp.or...
Network Time Protocol ntpq and ntpdc Infinite Loop Vulnerability
CERT VU357792 Summary ntpq processes incoming packets in a loop in getresponse. The loop’s only stopping conditions are receiving a complete and correct response or hitting a small number of error conditions. If the packet contains incorrect values that don’t trigger one of the error conditions,...
Network Time Protocol Private Mode 'reslist' Stack Memory Exhaustion Vulnerability
CERT VU357792 Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by exhausting the call stack. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must be in the restrict lists to...
Network Time Protocol Origin Timestamp Check Impersonation Vulnerability
CERT VU357792 Summary To distinguish legitimate peer responses from forgeries, a client attempts to verify a response packet by ensuring that the origin timestamp in an incoming packet matches the transmit timestamp it transmitted in its last request. A logic error exists that allows packets with...
Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability
CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...
Network Time Protocol Skeleton Key: Symmetric Authentication Impersonation Vulnerability
CERT VU357792 Summary Symmetric key encryption requires a single trusted key to be specified for each server configuration. A key specified only for one server should only work to authenticate that server, other trusted keys should be refused. Instead we observe that when symmetric key...
Network Time Protocol ntpq Special Character Filtering Vulnerability
Summary The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Only back slash and forward slash are currently filtered out. There are other special characters that are allowed in the filename which can cause issues during globbing. In additio...
Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability
CERT VU357792 Summary To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will...
Network Time Protocol ntpq Control Protocol Replay Vulnerability
CERT VU357792 Summary The ntpq protocol is vulnerable to replay attacks. The sequence number being included under the signature fails to prevent replay attacks for two reasons. Commands that don’t require authentication can be used to move the sequence number forward, and NTP doesn’t actually car...
Network Time Protocol Private Mode 'reslist' NULL Pointer Dereference Vulnerability
Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by causing a NULL pointer dereference. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must exist in the restrict list to...
Network Time Protocol Deja Vu: Broadcast Mode Replay Vulnerability
Summary Expected Behavior: RFC 5905 page 29 Section 8 states that the on-wire protocol resists replay of server response packet in broadcast mode. Also on page 55 section 15, the RFC claims security in authenticated mode against on-path attackers where an attacker can: a Intercept and archive...
Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0023 Apple Quicktime dref Atom Null Data Reference Entry Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7090 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size and type of a dat...
Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0019 Apple Quicktime Invalid samr Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7087 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of a samr atom in a .mov file...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0020 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7088 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0022 Apple Quicktime Invalid alis Atom Size Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7117 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an alis atom in a .mov file...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0021 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7089 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0067 RTMPDump librtmp AMF3 Class Member Count Remote Code Execution Vulnerability January 7, 2016 CVE Number CVE-2015-8271 Description The vulnerability occurs within the AMF3CDAddProp function within amf.c. If an attacker sets up a malicious RTMP Media serve...
RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0066 RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability January 7, 2016 CVE Number CVE-2015-8270 Description The vulnerability occurs within the AMF3ReadString function within amf.c. If an attacker sets up a malicious RTMP Media server that...
RTMPDump rtmpsrv PlayPath Null Pointer Dereference
Talos Vulnerability Report TALOS-2016-0068 RTMPDump rtmpsrv PlayPath Null Pointer Dereference January 7, 2016 CVE Number CVE-2015-8272 Description A vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media stream that is missing a playpath...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0129 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
Microsoft .NET Manifest Resource Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...
NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Talos Vulnerability Report TALOS-2015-0069 NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability October 21, 2015 CVE Number CVE-2015-7871 Summary Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker’s choosing...
Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
Talos Vulnerability Report TALOS-2015-0062 Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability October 21, 2015 CVE Number CVE-2015-7851 Description A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a...
Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0063 Network Time Protocol ntpq atoascii Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7852 Description A potential off by one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffe...
Network Time Protocol ntpd multiple integer overflow read access violations
Talos Vulnerability Report TALOS-2015-0052 Network Time Protocol ntpd multiple integer overflow read access violations October 21, 2015 CVE Number CVE-2015-7848 Description When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy...
Network Time Protocol Remote Configuration Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0055 Network Time Protocol Remote Configuration Denial of Service Vulnerability October 21, 2015 CVE Number CVE-2015-7850 Description An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol....
Network Time Protocol Reference Clock Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0064 Network Time Protocol Reference Clock Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7853 Description A potential buffer overflow vulnerability exists in the refclock of ntpd. An invalid length provided by a hardware reference clock...
Network Time Protocol Trusted Keys Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0054 Network Time Protocol Trusted Keys Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7849 Description An exploitable use-after-free vulnerability exists in the password management functionality of the Network Time Protocol. A specially...
Network Time Protocol Password Length Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0065 Network Time Protocol Password Length Memory Corruption Vulnerability October 21, 2015 CVE Number CVE-2015-7854 Description A potential buffer overflow vulnerability exists in the password management functionality of ntp. A specially crafted key file cou...
Microsoft Windows CDD Font Parsing Kernel Memory Corruption
Talos Vulnerability Report TALOS-2015-0007 Microsoft Windows CDD Font Parsing Kernel Memory Corruption September 15, 2015 CVE Number CVE-2015-2506 Description An exploitable kernel memory corruption vulnerability exists in Microsoft Windows. A specially crafted font file can cause the Microsoft...
MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow
Talos Vulnerability Report TALOS-2015-0035 MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow September 15, 2015 CVE Number CVE-2015-6031 Description An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted...
Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0014 Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3790 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the size of an mvhd atom can cause an...
Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0015 Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3791 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the elementary video...
Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0013 Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3789 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the number of...
Apple Quicktime mdat Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0017 Apple Quicktime mdat Corruption Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3792 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...
Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0012 Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3788 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the size of a “url” atom in a...
Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0016 Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability July 20, 2015 CVE Number CVE-2015-5786 Description An exploitable denial of service vulnerability exists in Apple Quicktime. An attacker who can control the values in the matrix...
Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report TALOS-2015-0024 Total Commander FileInfo Plugin Multiple Denial of Service Vulnerabilities July 16, 2015 CVE Number CVE-2015-2869 Description Multiple exploitable denial of service vulnerabilities exist in the FileInfo Plugin for Total Commander. An attacker who can...
Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2015-0018 Apple Quicktime Corrupt stbl Atom Remote Code Execution Vulnerability June 30, 2015 CVE Number CVE-2015-3667 Description There is a remote code execution vulnerability in Apple Quicktime. An attacker who can control the data inside an stbl atom in a .mov...
Pidgin libpurple STUN Response Length NULL Write Vulnerability
Talos Vulnerability Report VRT-2014-0202 Pidgin libpurple STUN Response Length NULL Write Vulnerability May 11, 2015 Description A exploitable NULL write vulnerability exists in Pidgin’s implementation of the STUN protocol in the libpurple library. An attacker who can control the response to a ST...
Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0201 Pidgin libpurple MSN Message Parsing NULL Dereference Denial of Service Vulnerability May 11, 2015 Description A exploitable denial of service vulnerability exists in Pidgin’s implem ntation of the MSN Messenger protocol in the libpurple library. An attack...
Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities
Talos Vulnerability Report VRT-2014-0204 Pidgin libpurple Novell Protocol Multiple Denial of Service Vulnerabilities November 6, 2014 CVE Number CVE-2014-3696 Description Several exploitable denial of service vulnerabilities exist in Pidgin’s implementation of the Novell protocol in the libpurple...
Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability
Talos Vulnerability Report VRT-2014-0205 Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability November 6, 2014 CVE Number CVE-2014-3697 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...
Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0203 Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability November 6, 2014 CVE Number CVE-2014-3695 Description An exploitable denial of service vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple library. ...
Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability
Talos Vulnerability Report VRT-2014-0301 Microsoft Windows FastFAT NumberOfFATs Buffer Overflow Vulnerability March 7, 2014 CVE Number CVE-2014-4115 Description An exploitable local privileged code execution vulnerability exists in the Microsoft Windows FastFAT system driver. The FastFAT system...