2204 matches found
Wavlink AC3000 nas.cgi add_dir() Directory Traversal Vulnerabilities
Talos Vulnerability Report TALOS-2024-2057 Wavlink AC3000 nas.cgi adddir Directory Traversal Vulnerabilities January 14, 2025 CVE Number CVE-2024-39786,CVE-2024-39787 SUMMARY Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.21050...
Wavlink AC3000 internet.cgi set_add_routing() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2021 Wavlink AC3000 internet.cgi setaddrouting buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39288 SUMMARY A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 adm.cgi set_MeshAp() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-2031 Wavlink AC3000 adm.cgi setMeshAp arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2024-39370 SUMMARY An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 nas.cgi set_ftp_cfg() Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2056 Wavlink AC3000 nas.cgi setftpcfg Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39788,CVE-2024-39790,CVE-2024-39789 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavli...
Wavlink AC3000 nas.cgi set_nas() proftpd Configuration Control Vulnerabilities
Talos Vulnerability Report TALOS-2024-2053 Wavlink AC3000 nas.cgi setnas proftpd Configuration Control Vulnerabilities January 14, 2025 CVE Number CVE-2024-39793,CVE-2024-39795,CVE-2024-39794 SUMMARY Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionalit...
OFFIS DCMTK determineMinMax improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-2121 OFFIS DCMTK determineMinMax improper array index validation vulnerability January 13, 2025 CVE Number CVE-2024-52333 SUMMARY An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially...
OFFIS DCMTK nowindow improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-2122 OFFIS DCMTK nowindow improper array index validation vulnerability January 13, 2025 CVE Number CVE-2024-47796 SUMMARY An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM fi...
Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability
Talos Vulnerability Report TALOS-2024-2089 Progress WhatsUp Gold SnmpExtendedActiveMonitor path traversal vulnerability January 8, 2025 CVE Number CVE-2024-12105 SUMMARY A path traversal vulnerability exists in the handling of SnmpExtendedActiveMonitor requests in Progress WhatsUp Gold 24.0.1 Bui...
Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2093 Foxit Reader Checkbox Calculate CBFWidget Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-49576 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBFWidget object. A specially craft...
Foxit Reader 3D Page Object Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2094 Foxit Reader 3D Page Object Use-After-Free Vulnerability December 18, 2024 CVE Number CVE-2024-47810 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside...
Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2076 Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49534 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A font fil...
Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2064 Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49532 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A...
Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability
Talos Vulnerability Report TALOS-2024-2070 Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability December 11, 2024 CVE Number CVE-2024-49533 SUMMARY An out-of-bounds read vulnerability exists in font handling code of Adobe Acrobat Reader 2024.002.21005. A font file with...
GoCast name parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1960 GoCast name parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-28892 SUMMARY An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary comman...
GoCast NAT parameter OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...
MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-1953 MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities November 21, 2024 CVE Number CVE-2024-28027,CVE-2024-28025,CVE-2024-28026 SUMMARY Three OS command injection vulnerabilities exist in the web interface I/O...
GoCast HTTP API lack of authentication vulnerability
Talos Vulnerability Report TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability November 21, 2024 CVE Number CVE-2024-21855 SUMMARY A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1986 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33626 SUMMARY The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive...
LevelOne WBR-6012 Web Application buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1997 LevelOne WBR-6012 Web Application buffer overflow vulnerability October 30, 2024 CVE Number CVE-2024-28052 SUMMARY The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while...
LevelOne WBR-6012 Web Application denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2001 LevelOne WBR-6012 Web Application denial of service vulnerability October 30, 2024 CVE Number CVE-2024-33623 SUMMARY A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...
LevelOne WBR-6012 Web Application improper resource allocation vulnerability
Talos Vulnerability Report TALOS-2024-1982 LevelOne WBR-6012 Web Application improper resource allocation vulnerability October 30, 2024 CVE Number CVE-2024-31152 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application,...
LevelOne WBR-6012 hard-coded password vulnerability
Talos Vulnerability Report TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability October 30, 2024 CVE Number CVE-2024-28875,CVE-2024-31151 SUMMARY A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during...
LevelOne WBR-6012 Web Application information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1985 LevelOne WBR-6012 Web Application information disclosure vulnerability October 30, 2024 CVE Number CVE-2024-33603 SUMMARY The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users ...
LevelOne WBR-6012 Web Application authentication bypass vulnerability
Talos Vulnerability Report TALOS-2024-1996 LevelOne WBR-6012 Web Application authentication bypass vulnerability October 30, 2024 CVE Number CVE-2024-23309 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance ...
LevelOne WBR-6012 FTP improper input validation vulnerability
Talos Vulnerability Report TALOS-2024-1998 LevelOne WBR-6012 FTP improper input validation vulnerability October 30, 2024 CVE Number CVE-2024-33700 SUMMARY The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers...
LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2024-1983 LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability October 30, 2024 CVE Number CVE-2024-32946 SUMMARY A vulnerability in the LevelOne WBR-6012 router’s firmware version R0.40e6 allows sensitive information to be transmitted in cleartext v...
LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2024-1981 LevelOne WBR-6012 Web Application cross-site request forgery CSRF vulnerability October 30, 2024 CVE Number CVE-2024-24777 SUMMARY A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e...
LevelOne WBR-6012 Web Application weak authentication vulnerability
Talos Vulnerability Report TALOS-2024-1984 LevelOne WBR-6012 Web Application weak authentication vulnerability October 30, 2024 CVE Number CVE-2024-33699 SUMMARY The LevelOne WBR-6012 router’s web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the...
NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration
Talos Vulnerability Report TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration October 23, 2024 CVE Number CVE-2024-0118 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...
NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2015 NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0119 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99...
NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2012 NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0117 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99,...
NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0121 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality SAMPLE instruction of NVIDIA D3D10 Driver NVIDIA D3D...
NVIDIA D3D10 Driver Shader Functionality STORE_STRUCTURED instruction out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2014 NVIDIA D3D10 Driver Shader Functionality STORESTRUCTURED instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0120 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10...
GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2069 GNOME Project G Structured File Library libgsf Compound Document Binary File Sector Allocation Table integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-42415 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary...
Veertu Anka Build registry archive files directory traversal vulnerability
Talos Vulnerability Report TALOS-2024-2059 Veertu Anka Build registry archive files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41163 SUMMARY A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP...
Veertu Anka Build registry log files directory traversal vulnerability
Talos Vulnerability Report TALOS-2024-2061 Veertu Anka Build registry log files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41922 SUMMARY A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted...
Veertu Anka Build node agent update privilege escalation vulnerability
Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...
GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2068 GNOME Project G Structured File Library libgsf Compound Document Binary File Directory integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-36474 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary File format...
Foxit Reader checkbox Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...
Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference
Talos Vulnerability Report TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference September 25, 2024 CVE Number CVE-2024-38140 SUMMARY A memory corruption vulnerability exists in the Pragmatic General Multicast server in Microsoft Windows 10 Kerne...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-2004 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability September 18, 2024 CVE Number CVE-2024-36981,CVE-2024-36980 SUMMARY An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionalit...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2005 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability September 18, 2024 CVE Number CVE-2024-34026 SUMMARY A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality...
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities
Talos Vulnerability Report TALOS-2024-2016 OpenPLC OpenPLCv3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities September 18, 2024 CVE Number CVE-2024-39590,CVE-2024-39589 SUMMARY Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime...
Microsoft High Definition Audio Bus Driver HDAudBus_DMA multiple irp complete requests vulnerability
Talos Vulnerability Report TALOS-2024-2008 Microsoft High Definition Audio Bus Driver HDAudBusDMA multiple irp complete requests vulnerability September 12, 2024 CVE Number CVE-2024-45383 SUMMARY A mishandling of IRP requests vulnerability exists in the HDAudBusDMA interface of Microsoft High...
Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability
Talos Vulnerability Report TALOS-2024-1980 Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability September 11, 2024 CVE Number CVE-2024-38257 SUMMARY An information disclosure vulnerability exists in the AllJoyn Router Service in Microsoft Windows 10 version...
Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability
Talos Vulnerability Report TALOS-2024-2011 Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability September 10, 2024 CVE Number CVE-2024-39420 SUMMARY A time-of-check time-of-use vulnerability exists in Adobe Acrobat Reader 2024.002.20759. A specially crafted Javascript code...
Microsoft Outlook for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1972 Microsoft Outlook for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-42220 SUMMARY A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook’s access...
Microsoft Word for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1977 Microsoft Word for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41165 SUMMARY A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word’s access privileges,...
Microsoft OneNote for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1975 Microsoft OneNote for macOS library injection vulnerability August 19, 2024 CVE Number CVE-2024-41159 SUMMARY A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...