Talos 2015 0069
TALOS-2015-0069NAK to the Future: NTP Symmetric Association Authentication Bypass VulnerabilityOct 21, 2015SummaryUnauthenticated off-path attackers can force ntpd processes to peer with malicious time...
View ArticleTalos 2015 0130
TALOS-2015-0130Microsoft .NET Manifest Resource Information Disclosure VulnerabilityDec 8, 2015SummaryAn exploitable information leak or denial of service vulnerability exists in the manifest resource...
View ArticleTalos 2016 0066
TALOS-2016-0066RTMPDump librtmp AMF3 MemberName Denial of Service Vulnerability Jan 7, 2016DescriptionThe vulnerability occurs within the AMF3ReadString function within amf.c. If an attacker sets up a...
View ArticleTalos 2016 0067
TALOS-2016-0067RTMPDump librtmp AMF3 Class Member Count Remote Code Execution VulnerabilityJan 7, 2016DescriptionThe vulnerability occurs within the AMF3CD_AddProp function within amf.c. If an attacker...
View ArticleTalos 2016 0068
TALOS-2016-0068RTMPDump rtmpsrv PlayPath Null Pointer DereferenceJan 7, 2016DescriptionA vulnerability exists in rtmpsrv in which an attacker can entice a user to utilize rtmpsrv to save an RTMP media...
View ArticleTalos 2016 0019
TALOS-2016-0019Apple Quicktime Invalid samr Atom Size Denial of Service VulnerabilityJan 8, 2016DescriptionThere is a denial of service vulnerability in Apple Quicktime. An attacker who can control the...
View ArticleTalos 2016 0020
TALOS-2016-0020Apple Quicktime mdat Corruption Denial of Service VulnerabilityJan 8, 2016DescriptionThere is a denial of service vulnerability in Apple Quicktime. An attacker who can control the...
View ArticleTalos 2016 0021
TALOS-2016-0021Apple Quicktime mdat Corruption Denial of Service VulnerabilityJan 8, 2016DescriptionThere is a denial of service vulnerability in Apple Quicktime. An attacker who can control the...
View ArticleTalos 2016 0022
TALOS-2016-0022Apple Quicktime Invalid alis Atom Size Denial of Service VulnerabilityJan 8, 2016DescriptionThere is a denial of service vulnerability in Apple Quicktime. An attacker who can control the...
View ArticleTalos 2016 0023
TALOS-2016-0023Apple Quicktime dref Atom Null Data Reference Entry Denial of Service VulnerabilityJan 8, 2016DescriptionThere is a denial of service vulnerability in Apple Quicktime. An attacker who...
View ArticleTalos 2016 0071
TALOS-2016-0071Network Time Protocol Skeleton Key: Symmetric Authentication Impersonation VulnerabilityJan 19, 2016Report IDsCVE-2015-7974 (NTP, NTPsec) CVE-2016-1567 (chrony) CERT...
View ArticleTalos 2016 0072
TALOS-2016-0072Network Time Protocol ntpq Buffer Overflow VulnerabilityJan 19, 2016Report IDsCVE-2015-7975 CERT VU#357792Summaryntpq contains a buffer overflow. nextvar() executes a memcpy() into the...
View ArticleTalos 2016 0073
TALOS-2016-0073Network Time Protocol ntpq Special Character Filtering VulnerabilityJan 19, 2016Report IDsCVE-2015-7976 CERT VU#357792SummaryThe ntpq saveconfig command does not do adequate filtering of...
View ArticleTalos 2016 0074
TALOS-2016-0074Network Time Protocol Private Mode 'reslist' NULL Pointer Dereference VulnerabilityJan 19, 2016Report IDsCVE-2015-7977 CERT VU#357792SummaryAn unauthenticated ntpdc reslist command can...
View ArticleTalos 2016 0075
TALOS-2016-0075Network Time Protocol Private Mode 'reslist' Stack Memory Exhaustion VulnerabilityJan 19, 2016Report IDsCVE-2015-7978 CERT VU#357792SummaryAn unauthenticated ntpdc reslist command can...
View ArticleTalos 2016 0076
TALOS-2016-0076Network Time Protocol Authenticated Preemptable Modes Denial-of-Service VulnerabilityJan 19, 2016Report IDsCVE-2015-7979 CERT VU#357792SummaryExpected Behavior:The protocol should...
View ArticleTalos 2016 0077
TALOS-2016-0077Network Time Protocol Origin Timestamp Check Impersonation VulnerabilityJan 19, 2016Report IDsCVE-2015-8138 CERT VU#357792SummaryTo distinguish legitimate peer responses from forgeries,...
View ArticleTalos 2016 0078
TALOS-2016-0078Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure VulnerabilityJan 19, 2016Report IDsCVE-2015-8139 CERT VU#357792SummaryTo prevent off-path attackers from impersonating...
View ArticleTalos 2016 0079
TALOS-2016-0079Network Time Protocol ntpq Control Protocol Replay VulnerabilityJan 19, 2016Report IDsCVE-2015-8140 CERT VU#357792SummaryThe ntpq protocol is vulnerable to replay attacks. The sequence...
View ArticleTalos 2016 0080
TALOS-2016-0080Network Time Protocol ntpq and ntpdc Infinite Loop VulnerabilityJan 19, 2016Report IDsCVE-2015-8158 CERT VU#357792Summaryntpq processes incoming packets in a loop in getresponse(). The...
View Article