2204 matches found
Adobe Acrobat Reader Font hMetric Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2025-2134 Adobe Acrobat Reader Font hMetric Out-Of-Bounds Read Vulnerability March 12, 2025 CVE Number CVE-2025-27163 SUMMARY An out-of-bounds read vulnerability exists in the Font functionality of Adobe Acrobat Reader 2024.005.20320. A specially crafted font file...
miniaudio ma_dr_flac__decode_samples__lpc out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2063 miniaudio madrflacdecodesampleslpc out-of-bounds write vulnerability March 4, 2025 CVE Number CVE-2024-41147 SUMMARY An out-of-bounds write vulnerability exists in the madrflacdecodesampleslpc functionality of Miniaudio miniaudio v0.11.21. A specially...
NVIDIA nvJPEG2000 Ndecomp heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2108 NVIDIA nvJPEG2000 Ndecomp heap-based buffer overflow vulnerability February 11, 2025 CVE Number CVE-2024-0144 SUMMARY A heap-based buffer overflow vulnerability exists in the Ndecomp field handling of NVIDIA nvJPEG2000 0.8.0. A specially crafted JPEG2000...
NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2113 NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability February 11, 2025 CVE Number CVE-2024-0145 SUMMARY A heap based buffer overflow vulnerability exists in the way Ndecomp parameter is used when parsing JPEG2000 files in NVIDIA...
NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2080 NVIDIA nvJPEG2000 cSIZ out-of-bounds write vulnerability February 11, 2025 CVE Number CVE-2024-0142 SUMMARY A memory corruption vulnerability exists in the Image Decoding functionality of NVIDIA nvJPEG2000 0.8.0. A specially crafted .jp2 file can lead to...
NVIDIA nvJPEG2000 Coding Style Component index out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-2095 NVIDIA nvJPEG2000 Coding Style Component index out-of-bounds write vulnerability February 11, 2025 CVE Number CVE-2024-0143 SUMMARY A memory corruption vulnerability exists in the Coding Style Component handling of the NVIDIA nvJPEG2000 library version...
ClearML dataset upload XSS vulnerability
Talos Vulnerability Report TALOS-2024-2110 ClearML dataset upload XSS vulnerability February 6, 2025 CVE Number CVE-2024-39272 SUMMARY A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can...
ClearML Vault API disabled vaults retrieval vulnerability
Talos Vulnerability Report TALOS-2024-2112 ClearML Vault API disabled vaults retrieval vulnerability February 6, 2025 CVE Number CVE-2024-43779 SUMMARY An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP...
Observium mapname cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2024-2092 Observium mapname cross-site scripting XSS vulnerability January 15, 2025 CVE Number CVE-2024-45061 SUMMARY A cross-site scripting xss vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP reque...
Observium vlan html code injection vulnerability
Talos Vulnerability Report TALOS-2024-2091 Observium vlan html code injection vulnerability January 15, 2025 CVE Number CVE-2024-47002 SUMMARY A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitra...
Observium add_alert_check cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2024-2090 Observium addalertcheck cross-site scripting XSS vulnerability January 15, 2025 CVE Number CVE-2024-47140 SUMMARY A cross-site scripting xss vulnerability exists in the addalertcheck page of Observium CE 24.4.13528. A specially crafted HTTP request can...
Wavlink AC3000 wireless.cgi set_wifi_basic_mesh() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2042 Wavlink AC3000 wireless.cgi setwifibasicmesh buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39603 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000...
Wavlink AC3000 update_filter_url.sh argument injection vulnerability
Talos Vulnerability Report TALOS-2024-2038 Wavlink AC3000 updatefilterurl.sh argument injection vulnerability January 14, 2025 CVE Number CVE-2024-39604 SUMMARY A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft...
Wavlink AC3000 wireless.cgi AddMac() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2044 Wavlink AC3000 wireless.cgi AddMac command injection vulnerability January 14, 2025 CVE Number CVE-2024-34544 SUMMARY A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 adm.cgi rep_as_bridge() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2025 Wavlink AC3000 adm.cgi repasbridge buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-37184 SUMMARY A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 nas.cgi add_dir() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2058 Wavlink AC3000 nas.cgi adddir command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39784,CVE-2024-39785 SUMMARY Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 wireless.cgi AddMac() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2043 Wavlink AC3000 wireless.cgi AddMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39757 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 adm.cgi set_TR069() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2028 Wavlink AC3000 adm.cgi setTR069 command injection vulnerability January 14, 2025 CVE Number CVE-2024-21797 SUMMARY A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HT...
Wavlink AC3000 login.cgi Goto_chidx() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2019 Wavlink AC3000 login.cgi Gotochidx buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36290 SUMMARY A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 adm.cgi set_ledonoff() OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-2032 Wavlink AC3000 adm.cgi setledonoff OS command injection vulnerability January 14, 2025 CVE Number CVE-2024-37186 SUMMARY An os command injection vulnerability exists in the adm.cgi setledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
Wavlink AC3000 qos.cgi qos_sta() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2047 Wavlink AC3000 qos.cgi qossta command injection vulnerability January 14, 2025 CVE Number CVE-2024-36295 SUMMARY A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 openvpn.cgi openvpn_client_setup() Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2051 Wavlink AC3000 openvpn.cgi openvpnclientsetup Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-38666 SUMMARY An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000...
Wavlink AC3000 firewall.cgi iptablesWebsFilterRun() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2023 Wavlink AC3000 firewall.cgi iptablesWebsFilterRun command injection vulnerability January 14, 2025 CVE Number CVE-2024-39367 SUMMARY An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality of Wavlink AC3000...
Wavlink AC3000 adm.cgi set_sys_adm() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2030 Wavlink AC3000 adm.cgi setsysadm buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39774 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setsysadm functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 adm.cgi set_wzdgw4G() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2026 Wavlink AC3000 adm.cgi setwzdgw4G buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39294 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setwzdgw4G functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HT...
Wavlink AC3000 qos.cgi qos_sta_settings() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2048 Wavlink AC3000 qos.cgi qosstasettings buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39299 SUMMARY A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 touchlist_sync.cgi touchlistsync() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2046 Wavlink AC3000 touchlistsync.cgi touchlistsync buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36258 SUMMARY A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000...
Wavlink AC3000 adm.cgi rep_as_router() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2024 Wavlink AC3000 adm.cgi repasrouter buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39756 SUMMARY A buffer overflow vulnerability exists in the adm.cgi repasrouter functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 qos.cgi qos_settings() buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2024-2049 Wavlink AC3000 qos.cgi qossettings buffer overflow vulnerabilities January 14, 2025 CVE Number CVE-2024-39803,CVE-2024-39801,CVE-2024-39802 SUMMARY Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000...
Wavlink AC3000 nas.cgi set_nas() samba Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2052 Wavlink AC3000 nas.cgi setnas samba Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39602 SUMMARY An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
Wavlink AC3000 fw_check.sh Firmware Upload vulnerability
Talos Vulnerability Report TALOS-2024-2037 Wavlink AC3000 fwcheck.sh Firmware Upload vulnerability January 14, 2025 CVE Number CVE-2024-39273 SUMMARY A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can...
Wavlink AC3000 wireless.cgi set_wifi_basic() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2041 Wavlink AC3000 wireless.cgi setwifibasic buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36493 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000...
Wavlink AC3000 testsave.sh Information Disclosure vulnerability
Talos Vulnerability Report TALOS-2024-2035 Wavlink AC3000 testsave.sh Information Disclosure vulnerability January 14, 2025 CVE Number CVE-2024-39773 SUMMARY An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 touchlist_sync.cgi touchlistsync() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2000 Wavlink AC3000 touchlistsync.cgi touchlistsync command injection vulnerability January 14, 2025 CVE Number CVE-2024-34166 SUMMARY An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000...
Wavlink AC3000 internet.cgi set_add_routing() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2020 Wavlink AC3000 internet.cgi setaddrouting command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39764,CVE-2024-39765,CVE-2024-39763,CVE-2024-39762 SUMMARY Multiple OS command injection vulnerabilities exist in the internet.cgi...
Wavlink AC3000 touchlist_sync.cgi main() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-1999 Wavlink AC3000 touchlistsync.cgi main arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2022-2488 SUMMARY An arbitrary code execution vulnerability exists in the touchlistsync.cgi main functionality of Wavlink AC3000...
Wavlink AC3000 openvpn.cgi openvpn_server_setup() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2050 Wavlink AC3000 openvpn.cgi openvpnserversetup Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39798,CVE-2024-39800,CVE-2024-39799 SUMMARY Multiple external config control vulnerabilities exists in the openvpn.cgi...
Wavlink AC3000 wireless.cgi DeleteMac() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2040 Wavlink AC3000 wireless.cgi DeleteMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39359 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 nas.cgi set_smb_cfg() Configuration Control Vulnerability
Talos Vulnerability Report TALOS-2024-2055 Wavlink AC3000 nas.cgi setsmbcfg Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39280 SUMMARY An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A special...
Wavlink AC3000 wctrls static login vulnerability
Talos Vulnerability Report TALOS-2024-2034 Wavlink AC3000 wctrls static login vulnerability January 14, 2025 CVE Number CVE-2024-39754 SUMMARY A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead ...
Wavlink AC3000 usbip.cgi set_info() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2045 Wavlink AC3000 usbip.cgi setinfo buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36272 SUMMARY A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 nas.cgi remove_dir() Command Injection Vulnerability
Talos Vulnerability Report TALOS-2024-2054 Wavlink AC3000 nas.cgi removedir Command Injection Vulnerability January 14, 2025 CVE Number CVE-2024-39360 SUMMARY An os command injection vulnerability exists in the nas.cgi removedir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Wavlink AC3000 adm.cgi set_wzdap() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2027 Wavlink AC3000 adm.cgi setwzdap buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39358 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 wireless.cgi SetName() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2039 Wavlink AC3000 wireless.cgi SetName buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39357 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 login.cgi set_lang_CountryCode() Persistent XSS vulnerability
Talos Vulnerability Report TALOS-2024-2017 Wavlink AC3000 login.cgi setlangCountryCode Persistent XSS vulnerability January 14, 2025 CVE Number CVE-2024-39363 SUMMARY A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000...
Wavlink AC3000 internet.cgi set_add_routing() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2021 Wavlink AC3000 internet.cgi setaddrouting buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39288 SUMMARY A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 nas.cgi add_dir() Directory Traversal Vulnerabilities
Talos Vulnerability Report TALOS-2024-2057 Wavlink AC3000 nas.cgi adddir Directory Traversal Vulnerabilities January 14, 2025 CVE Number CVE-2024-39786,CVE-2024-39787 SUMMARY Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.21050...
Wavlink AC3000 adm.cgi set_MeshAp() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-2031 Wavlink AC3000 adm.cgi setMeshAp arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2024-39370 SUMMARY An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 login.cgi set_sys_init() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2018 Wavlink AC3000 login.cgi setsysinit command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39759,CVE-2024-39761,CVE-2024-39760 SUMMARY Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlin...
Wavlink AC3000 adm.cgi sch_reboot() OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2033 Wavlink AC3000 adm.cgi schreboot OS command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39781,CVE-2024-39783,CVE-2024-39782 SUMMARY Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink...