unSafe.sh - Unsafe
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server chunked PUT request integer underflow vulnerability
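An integer underflow vulnerability (CVE-2024-50594) exists in the HTTP server of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0; an attacker can cause a denial of service with a malicious PUT request. Multiple versions are affected, and the CVSS score is 4.3. ...
2025-4-1 23:59:47 | Views: 2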
0day Fans - talosintelligence.com
cube
azrtos
nx
software
STMicroelectronics X-CUBE-AZRTOS-F7 HTTP server single PUT request integer underflow vulnerability
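An integer underflow vulnerability exists in the PUT request functionality of the HTTP server in STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0, which may lead to denial of service. Multiple versions are affected, and an attacker can exploit this vulnerability to cause resource exhaustion. The CVSSv3 score is 4.3 (medium), and CVE-2024-50596 and CVE-2024-50597 are involved. ...
2025-4-1 23:59:47 | Views: 3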
0day Fans - talosintelligence.com
cube
azrtos
nx
software
STMicroelectronics X-CUBE-AZRTOS-F7 FileX Internal RAM interface buffer overflow vulnerability
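STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 and multiple other versions contain a buffer overflow vulnerability (CWE-119) with a CVSSv3 score of 8.5. An attacker can trigger the vulnerability through an HTTP PUT request, leading to code execution. The issue stems from configuration parameters that exceed memory limits during RAM disk driver initialization. Developers are advised to check the parameters to prevent the overflow. ...
2025-4-1 23:59:47 | Views: 0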
0day Fans - talosintelligence.com
cube
azrtos
fx
nx
Adobe Acrobat Reader Font numGlyphs Out-Of-Bounds Read Vulnerability
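Adobe Acrobat Reader version 2024.005.20320 contains an out-of-bounds read vulnerability (CWE-125) that may lead to disclosure of sensitive information. The vulnerability is related to OpenType font handling, and an attacker can trigger it with a specially crafted malicious PDF file. ...
2025-3-11 23:59:18 | Views: 0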
0day Fans - talosintelligence.com
cooltype
ctinit
c0c0c0c0
0053
travel
Adobe Acrobat Reader Font hMetric Out-Of-Bounds Read Vulnerability
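Adobe Acrobat Reader version 2024.005.20320 contains an out-of-bounds read vulnerability that can be triggered by a malicious PDF file, leading to disclosure of sensitive memory contents. The vulnerability stems from improper handling of the hhea and hmtx tables in OpenType font parsing. It has been fixed and a patch has been released. ...
2025-3-11 23:59:18 | Views: 0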
0day Fans - talosintelligence.com
acrord32
cooltype
ctcleanup
0053
Adobe Acrobat Reader Font VariationStore itemVariationDataCount Uninitialized Pointer Vulnerability
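Adobe Acrobat Reader 2024.005.20320 contains a memory corruption vulnerability caused by access to an uninitialized pointer. An attacker can trigger it with a specially crafted malicious font file, which may lead to memory corruption and arbitrary code execution. ...
2025-3-11 23:59:18 | Views: 0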
0day Fans - talosintelligence.com
cooltype
f3a2a970
0053
travel
miniaudio ma_dr_flac__decode_samples__lpc out-of-bounds write vulnerability
SUMMARY: An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc function...
2025-3-4 00:0:15 | Views: 8
0day Fans - talosintelligence.com
ma
miniaudio
flac
manu
corpus
NVIDIA nvJPEG2000 Default Coding Styles Ndecomp buffer overflow vulnerability
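NVIDIA nvJPEG2000 0.8.0 contains a heap-based buffer overflow vulnerability; an attacker can trigger it with a specially crafted JPEG2000 file, leading to memory corruption and arbitrary code execution. The vulnerability stems from improper handling of the Ndecomp parameter. ...
2025-2-10 23:59:45 | Views: 0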
0day Fans - talosintelligence.com
3557
libnvjpeg2k
siz
ndecomp
nvjpeg2k
NVIDIA nvJPEG2000 Coding Style Component index out-of-bounds write vulnerability
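NVIDIA nvJPEG2000 library version 0.8.0 contains a memory corruption vulnerability; processing a JPEG2000 file may lead to an out-of-bounds write and remote code execution. The vulnerability was discovered by Talos and has been fixed. ...
2025-2-10 23:59:45 | Views: 0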
0day Fans - talosintelligence.com
300131
libnvjpeg2k
csiz
ubyte
nvjpeg2k
NVIDIA nvJPEG2000 Ndecomp heap-based buffer overflow vulnerability
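NVIDIA nvJPEG2000 0.8.0 contains a heap-based buffer overflow vulnerability. An attacker can trigger it with a specially crafted JPEG2000 file, causing adjacent heap memory to be overwritten, which in turn leads to memory corruption and arbitrary code execution. The vulnerability has been fixed. ...
2025-2-10 23:59:45 | Views: 0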
0day Fans - talosintelligence.com
148121
libnvjpeg2k
csiz
ndecomp
ccoc
ClearML Vault API disabled vaults retrieval vulnerability
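ClearML Enterprise Server 3.22.5-1533 contains an information disclosure vulnerability; an attacker can access disabled vaults through a malicious HTTP request, leading to disclosure of sensitive credentials. The recommended fix is to modify the API to exclude disabled global vault entries. ...
2025-2-5 23:59:32 | Views: 0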
0day Fans - talosintelligence.com
clearml
vaults
somedomain
1533
lies
ClearML dataset upload XSS vulnerability
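ClearML Enterprise Server version 3.22.5-1533 contains a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary scripts in a user's browser by uploading a malicious HTML file. Recommended fixes include setting the Content-Disposition header to attachment, enforcing a strict CSP, and optionally sanitizing HTML content. ...
2025-2-5 23:59:32 | Views: 0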
0day Fans - talosintelligence.com
clearml
security
attacker
1533
malicious
Observium add_alert_check cross-site scripting (XSS) vulnerability
SUMMARY: A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium...
2025-1-14 23:59:26 | Views: 0
0day Fans - talosintelligence.com
observium
stringify
attacker
network
php
Observium vlan html code injection vulnerability
SUMMARY: An HTML code injection vulnerability exists in the vlan management part of Observium CE 24.4...
2025-1-14 23:59:26 | Views: 0
0day Fans - talosintelligence.com
vlan
observium
attacker
network
10px
Observium mapname cross-site scripting (XSS) vulnerability
SUMMARY: A cross-site scripting (xss) vulnerability exists in the weather map editor functionality o...
2025-1-14 23:59:26 | Views: 0
0day Fans - talosintelligence.com
observium
mapname
3a0
php
attacker
OFFIS DCMTK nowindow improper array index validation vulnerability
SUMMARY: An improper array index validation vulnerability exists in the nowindow functionality of OF...
2025-1-13 00:0:13 | Views: 0
0day Fans - talosintelligence.com
dcmtk
dcmimgle
manu
redzone
ofstatic
OFFIS DCMTK determineMinMax improper array index validation vulnerability
SUMMARY: An improper array index validation vulnerability exists in the determineMinMax functionalit...
2025-1-13 00:0:13 | Views: 0
0day Fans - talosintelligence.com
dcmtk
manu
libsrc
dcmimgle