Remotely alerts

CVE-2021-21837

on May 31, 2022, 7:01 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21839

on Oct. 7, 2021, 8:33 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21843

on Oct. 7, 2021, 8:33 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21844

on Oct. 7, 2021, 8:33 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21845

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21846

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21847

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21853

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21854

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21855

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21857

on Oct. 7, 2021, 8:31 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21858

on Oct. 7, 2021, 8:22 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21838

on Oct. 7, 2021, 8:12 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-39553

on Sept. 23, 2021, 12:23 a.m.

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.

Tags: Exploit, Issue Tracking, Technical Description

CVE-2020-13520

on Sept. 22, 2021, 2:22 p.m.

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

Tags: Exploit, Technical Description, Third Party Advisory, Patch, Vendor Advisory

CVE-2021-21775

on Sept. 20, 2021, 12:28 p.m.

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-31609

on Sept. 20, 2021, 12:04 p.m.

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.

Tags: Technical Description, Third Party Advisory

CVE-2021-31785

on Sept. 14, 2021, 1:44 p.m.

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets. Manual user intervention is required to restart the device and restore Bluetooth communication.

Tags: Technical Description, Third Party Advisory

CVE-2021-31786

on Sept. 14, 2021, 1:42 p.m.

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

Tags: Technical Description, Third Party Advisory

CVE-2016-4074

on June 5, 2022, 3:46 a.m.

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Tags: Mailing List, Third Party Advisory, VDB Entry, Exploit, Technical Description

CVE-2018-17555

on Sept. 13, 2021, 11:35 a.m.

The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.

Tags: Exploit, Third Party Advisory, Mitigation, US Government Resource, Patch, Vendor Advisory, VDB Entry, Technical Description

CVE-2017-6079

on Sept. 13, 2021, 11:20 a.m.

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2019-15367

on Sept. 13, 2021, 11:20 a.m.

The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

Tags: Third Party Advisory, Technical Description

CVE-2015-6028

on Sept. 13, 2021, 10:53 a.m.

Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.

Tags: Technical Description, Third Party Advisory

CVE-2021-34144

on Sept. 9, 2021, 11:27 p.m.

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user …

Tags: Technical Description, Third Party Advisory

CVE-2021-34149

on Sept. 9, 2021, 11:23 p.m.

The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

Tags: Technical Description, Third Party Advisory

CVE-2021-28155

on Sept. 9, 2021, 11:21 p.m.

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data.

Tags: Technical Description, Third Party Advisory

CVE-2015-4056

on Sept. 9, 2021, 5:49 p.m.

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

Tags: Mailing List, Third Party Advisory, VDB Entry, Vendor Advisory, US Government Resource, Exploit, Technical Description

CVE-2017-9036

on Sept. 9, 2021, 5:47 p.m.

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.

Tags: Exploit, Third Party Advisory, Mitigation, US Government Resource, Patch, Vendor Advisory, Issue Tracking, Mailing List, VDB Entry, Technical Description

CVE-2020-19048

on Sept. 9, 2021, 5:34 p.m.

Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.

Tags: Exploit, Third Party Advisory, US Government Resource, Technical Description, Mitigation, Patch, Vendor Advisory

CVE-2016-6639

on Sept. 9, 2021, 5:16 p.m.

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for …

Tags: Patch, Third Party Advisory, VDB Entry, Vendor Advisory, Exploit, Technical Description

CVE-2020-20950

on Sept. 8, 2021, 5:22 p.m.

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Tags: Technical Description, Third Party Advisory

CVE-2020-13498

on Sept. 8, 2021, 5:22 p.m.

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13497

on Sept. 8, 2021, 5:22 p.m.

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13496

on June 29, 2022, 8:01 p.m.

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13494

on Sept. 8, 2021, 5:22 p.m.

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13493

on Sept. 8, 2021, 5:22 p.m.

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2018-4878

on April 18, 2022, 2:26 p.m.

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Tags: Technical Description, Third Party Advisory, Vendor Advisory

CVE-2016-7887

on Sept. 8, 2021, 5:19 p.m.

Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.

Tags: Vendor Advisory, Exploit, Technical Description, Third Party Advisory, VDB Entry

CVE-2020-15955

on Aug. 31, 2021, 3:49 p.m.

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.

Tags: Technical Description, Third Party Advisory, Mitigation, Patch, Vendor Advisory, Broken Link

CVE-2021-21852

on May 31, 2022, 6:38 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21851

on May 31, 2022, 6:58 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21856

on Aug. 24, 2021, 7:18 p.m.

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2018-7821

on Jan. 31, 2022, 7:55 p.m.

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221 (all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 Ethernet interface while the Ethernet/IP adapter is activated.

Tags: Vendor Advisory, Exploit, Mitigation, Technical Description, Third Party Advisory

CVE-2021-37588

on Aug. 9, 2021, 6:35 p.m.

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.

Tags: Technical Description, Third Party Advisory

CVE-2021-37587

on Aug. 9, 2021, 2:33 p.m.

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.

Tags: Technical Description, Third Party Advisory

CVE-2017-9287

on June 13, 2022, 7:18 p.m.

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

Tags: Issue Tracking, Patch, Third Party Advisory, Vendor Advisory, Exploit, VDB Entry, Mailing List, Technical Description

CVE-2021-36769

on July 29, 2021, 1:59 p.m.

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent by a client.

Tags: Technical Description, Third Party Advisory

CVE-2020-28598

on Aug. 24, 2022, 7:09 p.m.

An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2019-14483

on July 21, 2021, 11:39 a.m.

AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2019-19837

on July 21, 2021, 11:39 a.m.

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2019-19843

on July 21, 2021, 11:39 a.m.

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2019-5162

on June 13, 2022, 7:58 p.m.

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-12769

on May 3, 2022, 2:21 p.m.

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

Tags: Exploit, Mailing List, Patch, Technical Description

CVE-2020-13431

on July 21, 2021, 11:39 a.m.

I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.

Tags: Technical Description, Third Party Advisory

CVE-2020-13509

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13510

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13511

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13516

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13517

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13518

on July 21, 2021, 11:39 a.m.

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13530

on July 21, 2021, 11:39 a.m.

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13539

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Tags: Technical Description, Third Party Advisory

CVE-2020-13540

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Tags: Technical Description, Third Party Advisory

CVE-2020-13541

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.

Tags: Technical Description, Third Party Advisory

CVE-2020-13551

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13552

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13553

on July 21, 2021, 11:39 a.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13555

on June 29, 2022, 8:22 p.m.

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13579

on July 21, 2021, 11:39 a.m.

An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-13759

on July 21, 2021, 11:39 a.m.

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).

Tags: Technical Description

CVE-2020-13856

on July 21, 2021, 11:39 a.m.

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.

Tags: Technical Description, Third Party Advisory

CVE-2020-13859

on July 21, 2021, 11:39 a.m.

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.

Tags: Technical Description, Third Party Advisory

CVE-2020-15302

on July 21, 2021, 11:39 a.m.

In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-15518

on July 21, 2021, 11:39 a.m.

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-15834

on July 21, 2021, 11:39 a.m.

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.

Tags: Technical Description, Third Party Advisory

CVE-2020-20949

on July 21, 2021, 11:39 a.m.

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Tags: Technical Description, Third Party Advisory

CVE-2020-29664

on July 21, 2021, 11:39 a.m.

A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.

Tags: Technical Description, Third Party Advisory

CVE-2020-6078

on April 19, 2022, 6:16 p.m.

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to use of an uninitialized variable that eventually results in a null pointer dereference and a service crash. An attacker can send a series of mDNS …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-6079

on April 19, 2022, 6:16 p.m.

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-6080

on April 19, 2022, 6:16 p.m.

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-6094

on July 21, 2021, 11:39 a.m.

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-6106

on May 12, 2022, 5:26 p.m.

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-6108

on May 12, 2022, 5:26 p.m.

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-8516

on July 21, 2021, 11:39 a.m.

** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a …

Tags: Exploit, Mitigation, Technical Description, Third Party Advisory

CVE-2021-21793

on July 14, 2021, 7:16 p.m.

An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21821

on July 12, 2021, 3:51 p.m.

A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-21807

on July 10, 2021, 3:20 p.m.

An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2020-36405

on July 6, 2021, 9:07 p.m.

Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.

Tags: Technical Description

CVE-2021-29957

on June 30, 2021, 5:30 p.m.

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.

Tags: Release Notes, Vendor Advisory, Technical Description, Third Party Advisory, Patch

CVE-2017-9233

on June 29, 2021, 3:15 p.m.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Tags: Exploit, Technical Description, Vendor Advisory

CVE-2020-13799

on June 29, 2021, 2:29 p.m.

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in …

Tags: Third Party Advisory, US Government Resource, Exploit, Technical Description

CVE-2020-18663

on June 28, 2021, 8:25 p.m.

Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the act parameter in bbs/move_update.php.

Tags: Exploit, Technical Description

CVE-2021-21777

on Aug. 24, 2022, 9:56 p.m.

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.

Tags: Exploit, Third Party Advisory, VDB Entry, Patch, Technical Description, Mitigation

CVE-2018-17177

on June 17, 2021, 5:29 p.m.

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2018-17178

on June 17, 2021, 5:28 p.m.

An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without …

Tags: Exploit, Technical Description, Third Party Advisory

CVE-2021-31837

on June 16, 2021, 1:52 p.m.

Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.

Tags: Patch, Vendor Advisory, Exploit, Technical Description, Third Party Advisory, VDB Entry

CVE-2016-9775

on June 14, 2021, 6:15 p.m.

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and …

Tags: Mailing List, Third Party Advisory, VDB Entry, Technical Description, Issue Tracking

CVE-2021-32642

on Aug. 19, 2022, 9:15 a.m.

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to …

Tags: Third Party Advisory, US Government Resource, Technical Description, Exploit

CVE-2021-33590

on June 8, 2021, 1:20 p.m.

GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.

Tags: Exploit, Third Party Advisory, Vendor Advisory, Mitigation, Technical Description