Vulnerability Reports

Current Report Totals for 2024

Open Reported Zero-Days: 96 (reported to the vendor but not yet publicly disclosed)

Publicly Disclosed Vulnerabilities: 204

Report ID Title Report Date CVE Number CVSS Score
TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability 2024-11-21 CVE-2024-29224 9.8
TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability 2024-11-21 CVE-2024-21855 9.8
TALOS-2024-1960 GoCast name parameter OS command injection vulnerability 2024-11-21 CVE-2024-28892 9.8
TALOS-2024-1953 MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities 2024-11-21 CVE-2024-28027,CVE-2024-28025,CVE-2024-28026 7.2
TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability 2024-11-21 CVE-2024-21786 7.2
TALOS-2024-1986 LevelOne WBR-6012 Web Application information disclosure vulnerability 2024-10-30 CVE-2024-33626 5.3
TALOS-2024-1996 LevelOne WBR-6012 Web Application authentication bypass vulnerability 2024-10-30 CVE-2024-23309 9.0
TALOS-2024-1998 LevelOne WBR-6012 FTP improper input validation vulnerability 2024-10-30 CVE-2024-33700 7.5
TALOS-2024-1979 LevelOne WBR-6012 hard-coded password vulnerability 2024-10-30 CVE-2024-28875,CVE-2024-31151 8.1
TALOS-2024-1982 LevelOne WBR-6012 Web Application improper resource allocation vulnerability 2024-10-30 CVE-2024-31152 5.3
TALOS-2024-1981 LevelOne WBR-6012 Web Application cross-site request forgery (CSRF) vulnerability 2024-10-30 CVE-2024-24777 8.8
TALOS-2024-1983 LevelOne WBR-6012 Web and FTP cleartext transmission vulnerability 2024-10-30 CVE-2024-32946 5.9
TALOS-2024-1984 LevelOne WBR-6012 Web Application weak authentication vulnerability 2024-10-30 CVE-2024-33699 9.9
TALOS-2024-2001 LevelOne WBR-6012 Web Application denial of service vulnerability 2024-10-30 CVE-2024-33623 3.7
TALOS-2024-1997 LevelOne WBR-6012 Web Application buffer overflow vulnerability 2024-10-30 CVE-2024-28052 5.3
TALOS-2024-1985 LevelOne WBR-6012 Web Application information disclosure vulnerability 2024-10-30 CVE-2024-33603 5.3
TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability 2024-10-23 CVE-2024-0121 7.8
TALOS-2024-2012 NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability 2024-10-23 CVE-2024-0117 7.8
TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration 2024-10-23 CVE-2024-0118 7.8
TALOS-2024-2014 NVIDIA D3D10 Driver Shader Functionality STORE_STRUCTURED instruction out-of-bounds read vulnerability 2024-10-23 CVE-2024-0120 7.8
TALOS-2024-2015 NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability 2024-10-23 CVE-2024-0119 7.8
TALOS-2024-2069 GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability 2024-10-03 CVE-2024-42415 8.4
TALOS-2024-2068 GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability 2024-10-03 CVE-2024-36474 8.4
TALOS-2024-2059 Veertu Anka Build registry archive files directory traversal vulnerability 2024-10-03 CVE-2024-41163 7.5
TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability 2024-10-03 CVE-2024-39755 7.8
TALOS-2024-2061 Veertu Anka Build registry log files directory traversal vulnerability 2024-10-03 CVE-2024-41922 7.5
TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability 2024-10-02 CVE-2024-28888 8.8
TALOS-2024-2062 Microsoft Pragmatic General Multicast Server PgmCloseConnection stale memory dereference 2024-09-25 CVE-2024-38140 9.8
TALOS-2024-2016 OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser invalid pointer dereference vulnerabilities 2024-09-18 CVE-2024-39590,CVE-2024-39589 7.5
TALOS-2024-2005 OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability 2024-09-18 CVE-2024-34026 9.0
TALOS-2024-2004 OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP PCCC out-of-bounds read vulnerability 2024-09-18 CVE-2024-36981,CVE-2024-36980 7.5
TALOS-2024-2008 Microsoft High Definition Audio Bus Driver HDAudBus_DMA multiple irp complete requests vulnerability 2024-09-12 CVE-2024-45383 5.0
TALOS-2024-1980 Microsoft Windows 10 AllJoyn Router Service information disclosure vulnerability 2024-09-11 CVE-2024-38257 5.3
TALOS-2024-2011 Adobe Acrobat Reader Annotation Object Page Race Condition Vulnerability 2024-09-10 CVE-2024-39420 8.8
TALOS-2024-1975 Microsoft OneNote for macOS library injection vulnerability 2024-08-19 CVE-2024-41159 7.1
TALOS-2024-1972 Microsoft Outlook for macOS library injection vulnerability 2024-08-19 CVE-2024-42220 7.1
TALOS-2024-1973 Microsoft Teams (work or school) for macOS library injection vulnerability 2024-08-19 CVE-2024-42004 7.1
TALOS-2024-1974 Microsoft PowerPoint for macOS library injection vulnerability 2024-08-19 CVE-2024-39804 7.1
TALOS-2024-1976 Microsoft Excel for macOS library injection vulnerability 2024-08-19 CVE-2024-43106 7.1
TALOS-2024-1990 Microsoft Teams (work or school) for macOS WebView.app helper app library injection vulnerability 2024-08-19 CVE-2024-41145 7.1
TALOS-2024-1977 Microsoft Word for macOS library injection vulnerability 2024-08-19 CVE-2024-41165 7.1
TALOS-2024-1991 Microsoft Teams (work or school) for macOS com.microsoft.teams2.modulehost.app helper app library injection vulnerability 2024-08-19 CVE-2024-41138 7.1
TALOS-2024-1969 Microsoft Windows CLIPSP.SYS License Update Field Type 0x20 out-of-bounds read vulnerability 2024-08-13 CVE-2024-38187 6.8
TALOS-2024-2003 Adobe Acrobat Reader Font Packed Point Numbers Out-Of-Bounds Read Vulnerability 2024-08-13 CVE-2024-41835 6.5
TALOS-2024-1965 Microsoft CLIPSP.SYS License update out-of-bounds read vulnerability 2024-08-13 CVE-2024-38185 8.4
TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability 2024-08-13 CVE-2024-41830 8.8
TALOS-2024-1988 Microsoft CLIPSP.SYS License Update out-of-bounds read vulnerability 2024-08-13 None 7.4
TALOS-2024-1971 Microsoft Windows CLIPSP.SYS License Update Field Type 0xCC out-of-bounds read vulnerability 2024-08-13 None 6.8
TALOS-2024-2002 Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability 2024-08-13 CVE-2024-41832 6.5
TALOS-2024-1968 Microsoft Windows CLIPSP.SYS License Update Field Type 0xC9 out-of-bounds read vulnerability 2024-08-13 None,CVE-2024-38062 6.8
TALOS-2024-1970 Microsoft Windows CLIPSP.SYS License Update Field Type 0xD3 out-of-bounds read vulnerability 2024-08-13 None 6.8
TALOS-2024-1966 Microsoft CLIPSP.SYS License update privilege escalation vulnerability 2024-08-13 CVE-2024-38186 7.4
TALOS-2024-1964 Microsoft CLIPSP.SYS License update signature check bypass vulnerability 2024-08-13 CVE-2024-38184 6.2
TALOS-2024-1956 NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability 2024-07-23 CVE-2024-0107 7.8
TALOS-2024-1992 Ankitects Anki Latex Incomplete Blocklist Vulnerability 2024-07-22 CVE-2024-29073 5.3
TALOS-2024-1994 Ankitects Anki LaTeX Blocklist Bypass vulnerability 2024-07-22 CVE-2024-32152 3.1
TALOS-2024-1995 Ankitects Anki Flask Invalid Path Reflected Cross-Site Scripting (XSS) vulnerability 2024-07-22 CVE-2024-32484 7.4
TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability 2024-07-22 CVE-2024-26020 9.6
TALOS-2023-1895 Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities 2024-07-08 CVE-2023-50243,CVE-2023-50244 7.2
TALOS-2023-1874 Realtek rtl819x Jungle SDK boa formUpload firmware update vulnerability 2024-07-08 CVE-2023-34435 7.2
TALOS-2023-1871 LevelOne WBR-6013 telnetd hard-coded password vulnerability 2024-07-08 CVE-2023-46685 9.8
TALOS-2023-1873 LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability 2024-07-08 CVE-2023-49593 7.2
TALOS-2023-1875 Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-49073 7.2
TALOS-2023-1877 Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability 2024-07-08 CVE-2023-45742 7.2
TALOS-2023-1891 Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-45215 7.2
TALOS-2023-1892 Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-47856 7.2
TALOS-2023-1894 Realtek rtl819x Jungle SDK boa formRoute stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-41251 7.2
TALOS-2023-1903 Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-50330 7.2
TALOS-2024-1911 Realtek rtl819x Jungle SDK configuration file mib_init_value_array heap-based buffer overflow vulnerability 2024-07-08 CVE-2024-21778 7.2
TALOS-2023-1904 Realtek rtl819x Jungle SDK boa formWsc stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-49867 7.2
TALOS-2023-1899 Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities 2024-07-08 CVE-2023-50381,CVE-2023-50383,CVE-2023-50382 7.2
TALOS-2023-1872 Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery (CSRF) vulnerability 2024-07-08 CVE-2023-47677 8.8
TALOS-2023-1893 Realtek rtl819x Jungle SDK boa set_RadvdInterfaceParam stack-based buffer overflow vulnerabilities 2024-07-08 CVE-2023-50239,CVE-2023-50240 7.2
TALOS-2023-1876 Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-48270 7.2
TALOS-2023-1878 Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability 2024-07-08 CVE-2023-49595 7.2
TALOS-2024-1978 Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection vulnerability 2024-07-03 CVE-2024-32937 8.1
TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability 2024-06-26 CVE-2024-5011 7.5
TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities 2024-06-26 CVE-2024-5010 7.5
TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability 2024-06-26 CVE-2024-5017 6.5
TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability 2024-06-25 CVE-2024-21827 7.2
TALOS-2024-1938 AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities 2024-05-28 CVE-2024-24956,CVE-2024-24957,CVE-2024-24959,CVE-2024-24958,CVE-2024-24955,CVE-2024-24954 8.2
TALOS-2024-1943 AutomationDirect P3-550E Programming Software Connection scan_lib.bin library code injection vulnerability 2024-05-28 CVE-2024-23601 9.8
TALOS-2024-1930 libigl readNODE out-of-bounds write vulnerability 2024-05-28 CVE-2024-22181 7.8
TALOS-2024-1989 Foxit Reader Updater improper certificate validation privilege escalation vulnerability 2024-05-28 CVE-2024-29072 8.2
TALOS-2023-1784 libigl readOFF stack-based buffer overflow vulnerabilities 2024-05-28 CVE-2023-35950,CVE-2023-35953,CVE-2023-35952,CVE-2023-35951,CVE-2023-35949 7.8
TALOS-2024-1929 libigl readOFF stack-based buffer overflow vulnerability 2024-05-28 CVE-2024-24686,CVE-2024-24685,CVE-2024-24684 7.8
TALOS-2023-1879 libigl PlyFile ply_cast_ascii out-of-bounds write vulnerability 2024-05-28 CVE-2023-49600 8.1
TALOS-2024-1941 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Read-What-Where vulnerability 2024-05-28 CVE-2024-23315 7.5
TALOS-2024-1928 libigl readMSH out-of-bounds read vulnerability 2024-05-28 CVE-2024-24583,CVE-2024-24584 4.3
TALOS-2024-1926 libigl readMSH improper array index validation vulnerability 2024-05-28 CVE-2024-23948,CVE-2024-23951,CVE-2024-23947,CVE-2024-23950,CVE-2024-23949 8.8
TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability 2024-05-28 CVE-2024-24851 7.5
TALOS-2024-1937 AutomationDirect P3-550E Programming Software Connection CurrDir heap-based buffer overflow vulnerability 2024-05-28 CVE-2024-24947,CVE-2024-24946 8.2
TALOS-2024-1939 AutomationDirect P3-550E Programming Software Connection FileSelect stack-based buffer overflow vulnerability 2024-05-28 CVE-2024-24963,CVE-2024-24962 9.8
TALOS-2024-1940 AutomationDirect P3-550E Programming Software Connection Remote Memory Diagnostics Write-What-Where vulnerability 2024-05-28 CVE-2024-22187 9.1
TALOS-2024-1942 AutomationDirect P3-550E Telnet Diagnostic Interface leftover debug code vulnerability 2024-05-28 CVE-2024-21785 9.8
TALOS-2024-1946 Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability 2024-05-15 CVE-2024-30311 6.5
TALOS-2024-1952 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability 2024-05-15 CVE-2024-30312 6.5
TALOS-2023-1846 stb stb_vorbis.c comment heap-based buffer overflow vulnerability 2024-05-01 CVE-2023-47212 9.8
TALOS-2023-1852 Milesight UR32L luci2-io file-import firmware update vulnerability 2024-05-01 CVE-2023-47166 8.8
TALOS-2023-1889 Tinyproxy HTTP Connection Headers use-after-free vulnerability 2024-05-01 CVE-2023-49606 9.8
TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability 2024-04-30 CVE-2024-25575 8.8
TALOS-2024-1958 Foxit Reader Barcode widget Calculate event use-after-free vulnerability 2024-04-30 CVE-2024-25938 8.8
TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability 2024-04-30 CVE-2024-25648 8.8
TALOS-2024-1944 Grassroot DICOM RAWCodec::DecodeBytes out-of-bounds read vulnerability 2024-04-25 CVE-2024-25569 6.5
TALOS-2024-1924 Grassroot DICOM LookupTable::SetLUT out-of-bounds write vulnerability 2024-04-25 CVE-2024-22391 7.7
TALOS-2024-1935 Grassroot DICOM JPEG2000Codec::DecodeByStreamsCommon out-of-bounds write vulnerability 2024-04-25 CVE-2024-22373 8.1
TALOS-2024-1957 OFFIS DCMTK DVPSSoftcopyVOI_PList::createFromImage incorrect type conversion vulnerability 2024-04-23 CVE-2024-28130 7.5
TALOS-2024-1945 Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability 2024-04-18 CVE-2023-51391 7.5
TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability 2024-04-17 CVE-2023-40146 6.8
TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability 2024-04-17 CVE-2023-43491 5.3
TALOS-2023-1867 Peplink Smart Reader web interface mac2name OS command injection vulnerability 2024-04-17 CVE-2023-39367 9.1
TALOS-2023-1865 Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability 2024-04-17 CVE-2023-45209 5.3
TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability 2024-04-17 CVE-2023-45744 8.3
TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability 2024-04-10 CVE-2024-21972 5.3
TALOS-2023-1847 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability 2024-04-10 CVE-2024-21979 5.3
TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability 2024-04-09 CVE-2023-49907,CVE-2023-49910,CVE-2023-49911,CVE-2023-49908,CVE-2023-49912,CVE-2023-49909,CVE-2023-49906,CVE-2023-49913 7.2
TALOS-2023-1862 tddpd enable_test_mode command execution vulnerability 2024-04-09 CVE-2023-49133,CVE-2023-49134 8.1
TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability 2024-04-09 CVE-2023-49074 7.4
TALOS-2023-1864 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface memory corruption vulnerability 2024-04-09 CVE-2023-48724 7.5
TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability 2024-04-03 CVE-2024-22178 4.9
TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability 2024-04-03 CVE-2024-21870 4.9
TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability 2024-04-03 CVE-2024-27201 4.9
TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability 2024-04-03 CVE-2024-24976 4.9
TALOS-2023-1887 Netgear RAX30 JSON Parsing getblockschedule() stack-based buffer overflow vulnerability 2024-03-07 CVE-2023-48725 7.2
TALOS-2023-1849 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability 2024-02-29 CVE-2024-0071 7.8
TALOS-2023-1870 Google Chrome Video Encoder Metrics denial of service vulnerability 2024-02-28 None 4.6
TALOS-2024-1912 llama.cpp GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing heap-based buffer overflow vulnerability 2024-02-26 CVE-2024-21825 8.8
TALOS-2024-1915 llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability 2024-02-26 CVE-2024-21836 8.8
TALOS-2024-1914 llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability 2024-02-26 CVE-2024-21802 8.8
TALOS-2024-1916 llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability 2024-02-26 CVE-2024-23605 8.8
TALOS-2024-1913 llama.cpp GGUF library gguf_fread_str heap-based buffer overflow vulnerability 2024-02-26 CVE-2024-23496 8.8
TALOS-2024-1920 The Biosig Project libbiosig .egi parsing heap-based buffer overflow vulnerability 2024-02-20 CVE-2024-21795 9.8
TALOS-2024-1922 The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability 2024-02-20 CVE-2024-23313 9.8
TALOS-2024-1923 The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability 2024-02-20 CVE-2024-23310 9.8
TALOS-2024-1925 The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability 2024-02-20 CVE-2024-23606 9.8
TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability 2024-02-20 CVE-2023-38562 8.7
TALOS-2024-1918 The Biosig Project libbiosig BrainVisionMarker Parsing Out-of-bounds Write vulnerability 2024-02-20 CVE-2024-23305 9.8
TALOS-2024-1917 The Biosig Project libbiosig BrainVision Header Parsing double-free vulnerability 2024-02-20 CVE-2024-22097 9.8
TALOS-2023-1828 Weston Embedded uC-TCP-IP ICMP/ICMPv6 parsing denial of service vulnerabilities 2024-02-20 CVE-2023-39540,CVE-2023-39541 5.9
TALOS-2024-1931 Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities 2024-02-20 CVE-2024-24793,CVE-2024-24794 8.1
TALOS-2023-1843 Weston Embedded uC-HTTP HTTP Server heap-based buffer overflow vulnerability 2024-02-20 CVE-2023-45318 10.0
TALOS-2024-1919 The Biosig Project libbiosig BrainVision ASCII Header Parsing double-free vulnerability 2024-02-20 CVE-2024-23809 9.8
TALOS-2024-1921 The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability 2024-02-20 CVE-2024-21812 9.8
TALOS-2023-1890 Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability 2024-02-15 CVE-2024-20729 8.8
TALOS-2023-1901 Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability 2024-02-15 CVE-2024-20731 8.8
TALOS-2023-1905 Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability 2024-02-15 CVE-2024-20735 6.5
TALOS-2023-1906 Adobe Acrobat Reader Font CPAL integer overflow vulnerability 2024-02-15 CVE-2024-20730 8.8
TALOS-2023-1909 Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability 2024-02-15 CVE-2024-20748 6.5
TALOS-2023-1910 Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability 2024-02-15 CVE-2024-20749 6.5
TALOS-2023-1908 Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability 2024-02-15 CVE-2024-20747 6.5
TALOS-2023-1854 TP-Link ER7206 Omada Gigabit VPN Router uhttpd ipsec command injection vulnerability 2024-02-06 CVE-2023-47209 7.2
TALOS-2023-1850 TP-Link ER7206 Omada Gigabit VPN Router uhttpd freeStrategy Command injection Vulnerability 2024-02-06 CVE-2023-43482 7.2
TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability 2024-02-06 CVE-2023-36498 7.2
TALOS-2023-1855 TP-Link ER7206 Omada Gigabit VPN Router uhttpd GRE command injection vulnerability 2024-02-06 CVE-2023-47167 7.2
TALOS-2023-1856 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability 2024-02-06 CVE-2023-42664 7.2
TALOS-2023-1858 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability 2024-02-06 CVE-2023-47617 7.2
TALOS-2023-1859 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web filtering Command injection Vulnerability 2024-02-06 CVE-2023-47618 7.2
TALOS-2023-1857 TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability 2024-02-06 CVE-2023-46683 7.2
TALOS-2023-1884 WWBN AVideo channelBody.php user name cross-site scripting (XSS) vulnerability 2024-01-10 CVE-2023-47861 9.0
TALOS-2023-1898 WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability 2024-01-10 CVE-2023-49810 7.3
TALOS-2023-1869 WWBN AVideo aVideoEncoder.json.php chunkFile path information disclosure vulnerability 2024-01-10 CVE-2023-47171 6.5
TALOS-2023-1900 WWBN AVideo salt generation insufficient entropy vulnerability 2024-01-10 CVE-2023-49599 9.8
TALOS-2023-1885 WWBN AVideo import.json.php temporary copy unrestricted php file upload vulnerability 2024-01-10 CVE-2023-49715 4.3
TALOS-2023-1880 WWBN AVideo aVideoEncoderReceiveImage.json.php image upload information disclosure vulnerability 2024-01-10 CVE-2023-49864,CVE-2023-49863,CVE-2023-49862 6.5
TALOS-2023-1883 WWBN AVideo functiongetOpenGraph videoName cross-site scripting (XSS) vulnerability 2024-01-10 CVE-2023-48728 9.6
TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability 2024-01-10 CVE-2023-48730 8.5
TALOS-2023-1897 WWBN AVideo userRecoverPass.php captcha validation recovery notification bypass vulnerability 2024-01-10 CVE-2023-50172 5.3
TALOS-2023-1881 WWBN AVideo image404Raw.php information disclosure vulnerability 2024-01-10 CVE-2023-49738 7.5
TALOS-2023-1896 WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability 2024-01-10 CVE-2023-49589 8.8
TALOS-2023-1886 WWBN AVideo getLanguageFromBrowser local file inclusion vulnerability 2024-01-10 CVE-2023-47862 9.8
TALOS-2023-1823 GTKWave LXT2 zlib block decompression out-of-bounds write vulnerability 2024-01-08 CVE-2023-38657 7.8
TALOS-2023-1851 ManageEngine OpManager uploadMib directory traversal vulnerability 2024-01-08 CVE-2023-47211 9.1
TALOS-2023-1815 GTKWave VZT vzt_rd_block_vch_decode dict parsing integer overflow vulnerabilities 2024-01-08 CVE-2023-38653,CVE-2023-38652 7.0
TALOS-2023-1816 GTKWave VZT longest_len value allocation integer overflow vulnerability 2024-01-08 CVE-2023-35004 7.8
TALOS-2023-1827 GTKWave LXT2 lxt2_rd_expand_integer_to_bits stack-based buffer overflow vulnerability 2024-01-08 CVE-2023-38583 7.8
TALOS-2023-1824 GTKWave LXT2 lxt2_rd_iter_radix shift operation integer underflow vulnerabilities 2024-01-08 CVE-2023-39413,CVE-2023-39414 7.0
TALOS-2023-1822 GTKWave LXT2 zlib block allocation integer overflow vulnerability 2024-01-08 CVE-2023-35989 7.8
TALOS-2023-1819 GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability 2024-01-08 CVE-2023-34436 7.8
TALOS-2023-1817 GTKWave VZT vzt_rd_process_block autosort out-of-bounds write vulnerabilities 2024-01-08 CVE-2023-39235,CVE-2023-39234 7.8
TALOS-2023-1811 GTKWave VZT LZMA_read_varint out-of-bounds write vulnerability 2024-01-08 CVE-2023-36861 7.8
TALOS-2023-1814 GTKWave VZT vzt_rd_block_vch_decode times parsing integer overflow vulnerabilities 2024-01-08 CVE-2023-38651,CVE-2023-38650 7.0
TALOS-2023-1807 GTKWave VCD sorted bsearch arbitrary write vulnerabilities 2024-01-08 CVE-2023-37921,CVE-2023-37923,CVE-2023-37922 7.8
TALOS-2023-1797 GTKWave FST fstReaderIterBlocks2 temp_signal_value_buf allocation integer overflow vulnerability 2024-01-08 CVE-2023-36864 7.8
TALOS-2023-1826 GTKWave LXT2 lxt2_rd_get_facname decompression out-of-bounds write vulnerabilities 2024-01-08 CVE-2023-39443,CVE-2023-39444 7.8
TALOS-2023-1777 GTKWave FST FST_BL_GEOM parsing maxhandle integer overflow vulnerability 2024-01-08 CVE-2023-32650 7.0
TALOS-2023-1793 GTKWave FST fstReaderIterBlocks2 fstWritex len heap-based buffer overflow vulnerabilities 2024-01-08 CVE-2023-36747,CVE-2023-36746 7.0
TALOS-2023-1798 GTKWave FST fstReaderIterBlocks2 chain_table allocation integer overflow vulnerabilities 2024-01-08 CVE-2023-36915,CVE-2023-36916 7.8
TALOS-2023-1805 GTKWave VCD var definition section out-of-bounds read vulnerabilities 2024-01-08 CVE-2023-37447,CVE-2023-37446,CVE-2023-37445,CVE-2023-37444,CVE-2023-37442,CVE-2023-37443 7.8
TALOS-2023-1786 GTKWave decompression OS command injection vulnerabilities 2024-01-08 CVE-2023-35963,CVE-2023-35960,CVE-2023-35964,CVE-2023-35959,CVE-2023-35961,CVE-2023-35962 7.8
TALOS-2023-1806 GTKWave VCD get_vartoken realloc use-after-free vulnerabilities 2024-01-08 CVE-2023-37576,CVE-2023-37577,CVE-2023-37573,CVE-2023-37578,CVE-2023-37575,CVE-2023-37574 7.8
TALOS-2023-1804 GTKWave VCD parse_valuechange portdump out-of-bounds write vulnerabilities 2024-01-08 CVE-2023-37416,CVE-2023-37419,CVE-2023-37420,CVE-2023-37418,CVE-2023-37417 7.8
TALOS-2023-1791 GTKWave FST fstReaderIterBlocks2 tdelta improper array index validation vulnerabilities 2024-01-08 CVE-2023-35994,CVE-2023-35996,CVE-2023-35997,CVE-2023-35995 7.8
TALOS-2023-1790 GTKWave FST fstReaderIterBlocks2 vesc allocation integer overflow vulnerability 2024-01-08 CVE-2023-35992 7.0
TALOS-2023-1789 GTKWave FST fstReaderIterBlocks2 chain_table parsing heap-based buffer overflow vulnerabilities 2024-01-08 CVE-2023-35969,CVE-2023-35970 7.8
TALOS-2023-1803 GTKWave EVCD var len parsing improper array index validation vulnerability 2024-01-08 CVE-2023-34087 7.8
TALOS-2023-1785 GTKWave FST fstReaderIterBlocks2 VCDATA parsing heap-based buffer overflow vulnerabilities 2024-01-08 CVE-2023-35956,CVE-2023-35957,CVE-2023-35958,CVE-2023-35955 7.8
TALOS-2023-1792 GTKWave FST fstReaderIterBlocks2 time_table tsec_nitems integer overflow vulnerability 2024-01-08 CVE-2023-35128 7.0
TALOS-2023-1818 GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities 2024-01-08 CVE-2023-39273,CVE-2023-39271,CVE-2023-39274,CVE-2023-39275,CVE-2023-39272,CVE-2023-39270 7.8
TALOS-2023-1812 GTKWave VZT facgeometry parsing integer overflow vulnerabilities 2024-01-08 CVE-2023-38618,CVE-2023-38621,CVE-2023-38620,CVE-2023-38619,CVE-2023-38623,CVE-2023-38622 7.8
TALOS-2023-1810 GTKWave VZT LZMA_Read dmem extraction out-of-bounds write vulnerability 2024-01-08 CVE-2023-37282 7.8
TALOS-2023-1813 GTKWave VZT vzt_rd_get_facname decompression out-of-bounds write vulnerabilities 2024-01-08 CVE-2023-38649,CVE-2023-38648 7.8
TALOS-2023-1820 GTKWave LXT2 num_dict_entries integer overflow vulnerabilities 2024-01-08 CVE-2023-39316,CVE-2023-39317 7.8
TALOS-2023-1821 GTKWave LXT2 lxt2_rd_trace value elements allocation integer overflow vulnerability 2024-01-08 CVE-2023-35057 7.8
TALOS-2023-1783 GTKWave FST LEB128 varint stack-based buffer overflow vulnerabilities 2024-01-08 CVE-2023-35704,CVE-2023-35703,CVE-2023-35702 7.8
TALOS-2023-1907 instipod DuoUniversalKeycloakAuthenticator challenge information disclosure vulnerability 2023-12-23 CVE-2023-49594 4.5
TALOS-2023-1860 GPSd NTRIP Stream Parsing access violation vulnerability 2023-12-05 CVE-2023-43628 5.9
TALOS-2023-1844 Buildroot package hash checking data integrity vulnerabilities 2023-12-05 CVE-2023-45841,CVE-2023-45842,CVE-2023-45838,CVE-2023-45839,CVE-2023-45840 8.1
TALOS-2023-1845 Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability 2023-12-05 CVE-2023-43608 8.1
TALOS-2023-1838 Foxit Reader field value property type confusion vulnerability 2023-11-27 CVE-2023-41257 8.8
TALOS-2023-1839 Foxit Reader signature field OnBlur event use-after-free vulnerability 2023-11-27 CVE-2023-38573 8.8
TALOS-2023-1833 Foxit Reader Javascript exportDataObject arbitrary file creation vulnerability 2023-11-27 CVE-2023-40194 8.8
TALOS-2023-1834 Foxit Reader Javascript exportDataObject HTA file creation vulnerability 2023-11-27 CVE-2023-35985 8.8
TALOS-2023-1837 Foxit Reader 3D Annot use-after-free vulnerability 2023-11-27 CVE-2023-32616 8.8
TALOS-2023-1748 WPS Office ET Data use of uninitialized pointer vulnerability 2023-11-27 CVE-2023-31275 8.8
TALOS-2023-1832 Foxit Reader Javascript saveAs arbitrary file creation vulnerability 2023-11-27 CVE-2023-39542 8.8
TALOS-2023-1835 Microsoft Office Professional Plus 2019 FCommitHtmlPivotCacheElement use-after-free vulnerability 2023-11-15 CVE-2023-36041 7.8
TALOS-2023-1794 Adobe Acrobat Reader Thermometer use-after-free vulnerability 2023-11-15 CVE-2023-44336 8.8
TALOS-2023-1842 Adobe Acrobat Reader U3D page event use-after-free vulnerability 2023-11-15 CVE-2023-44372 8.8
TALOS-2023-1725 Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability 2023-11-14 CVE-2023-24585 7.7
TALOS-2023-1738 Weston Embedded uC-HTTP HTTP Server form boundary memory corruption vulnerability 2023-11-14 CVE-2023-28379 9.0
TALOS-2023-1746 Weston Embedded uC-HTTP HTTP Server Host header parsing memory corruption vulnerability 2023-11-14 CVE-2023-31247 9.0
TALOS-2023-1732 Weston Embedded uC-HTTP HTTP Server memory corruption vulnerability 2023-11-14 CVE-2023-28391 9.0
TALOS-2023-1733 Weston Embedded uC-HTTP HTTP Server form boundary heap-based buffer overflow vulnerability 2023-11-14 CVE-2023-27882 9.0
TALOS-2023-1726 Weston Embedded uC-HTTP HTTP Server buffer overflow vulnerability 2023-11-14 CVE-2023-25181 9.0
TALOS-2023-1825 JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities 2023-10-19 CVE-2023-35126 7.8
TALOS-2023-1758 JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability 2023-10-19 CVE-2023-34366 7.8
TALOS-2023-1808 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability 2023-10-19 CVE-2023-38127 7.8
TALOS-2023-1809 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability 2023-10-19 CVE-2023-38128 7.8
TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability 2023-10-12 CVE-2023-22308 7.5
TALOS-2023-1743 SoftEther VPN vpnserver ConnectionAccept() denial-of-service vulnerability 2023-10-12 CVE-2023-25774 7.5
TALOS-2023-1755 SoftEther VPN CiRpcServerThread() MitM authentication bypass vulnerability 2023-10-12 CVE-2023-32634 7.8
TALOS-2023-1735 SoftEther VPN vpnserver WpcParsePacket() heap-based buffer overflow vulnerability 2023-10-12 CVE-2023-27395 9.0
TALOS-2023-1768 SoftEther VPN ClientConnect() information disclosure vulnerability 2023-10-12 CVE-2023-31192 5.3
TALOS-2023-1736 SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability 2023-10-12 CVE-2023-22325 5.9
TALOS-2023-1754 SoftEther VPN CiRpcAccepted() authentication bypass vulnerability 2023-10-12 CVE-2023-27516 7.3
TALOS-2023-1741 SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service vulnerability 2023-10-12 CVE-2023-23581 7.5
TALOS-2023-1753 SoftEther VPN CtEnumCa() information disclosure vulnerability 2023-10-12 CVE-2023-32275 5.5
TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability 2023-10-11 CVE-2023-34346 9.8
TALOS-2023-1761 Yifan YF325 httpd next_page buffer overflow vulnerability 2023-10-11 CVE-2023-35055,CVE-2023-35056 8.8
TALOS-2023-1778 peplink Surf SOHO HW1 data.cgi xfer_dns OS command injection vulnerability 2023-10-11 CVE-2023-34356 7.2
TALOS-2023-1781 peplink Surf SOHO HW1 upload_brand.cgi cross-site scripting (XSS) vulnerability 2023-10-11 CVE-2023-34354 3.4
TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability 2023-10-11 CVE-2023-24479 9.8
TALOS-2023-1765 Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability 2023-10-11 CVE-2023-31272 8.8
TALOS-2023-1766 Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability 2023-10-11 CVE-2023-34426 9.8
TALOS-2023-1767 Yifan YF325 validate.so diag_ping_start command execution vulnerability 2023-10-11 CVE-2023-32632 8.8
TALOS-2023-1787 Yifan YF325 httpd manage_post stack-based buffer overflow vulnerabilities 2023-10-11 CVE-2023-35965,CVE-2023-35966 9.8
TALOS-2023-1782 peplink Surf SOHO HW1 api.cgi cmd.mvpn.x509.write OS command injection vulnerability 2023-10-11 CVE-2023-35194,CVE-2023-35193 7.2
TALOS-2023-1779 peplink Surf SOHO HW1 admin.cgi MVPN_trial_init OS command injection vulnerability 2023-10-11 CVE-2023-28381 7.2
TALOS-2023-1780 peplink Surf SOHO HW1 admin.cgi USSD_send OS command injection vulnerability 2023-10-11 CVE-2023-27380 7.2
TALOS-2023-1788 Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities 2023-10-11 CVE-2023-35967,CVE-2023-35968 9.8
TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability 2023-10-11 CVE-2023-32645 9.8
TALOS-2023-1763 Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability 2023-10-11 CVE-2023-34365 9.8
TALOS-2023-1831 Webkit MediaRecorder API stopRecording use-after-free vulnerability 2023-10-06 CVE-2023-39928 8.8
TALOS-2023-1759 Hancom Office 2020 HWord footerr use-after-free vulnerability 2023-09-26 CVE-2023-32541 8.8
TALOS-2023-1830 Accusoft ImageGear tif_parse_sub_IFD use-after-free vulnerability 2023-09-25 CVE-2023-39453 9.8
TALOS-2023-1836 Accusoft ImageGear allocate_buffer_for_jpeg_decoding out-of-bounds write vulnerability 2023-09-25 CVE-2023-40163 9.8
TALOS-2023-1742 Accusoft ImageGear tif_processing_dng_channel_count stack-based buffer overflow vulnerability 2023-09-25 CVE-2023-28393 5.6
TALOS-2023-1750 Accusoft ImageGear tiff_planar_adobe out-of-bounds write vulnerability 2023-09-25 CVE-2023-32284 8.1
TALOS-2023-1802 Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability 2023-09-25 CVE-2023-32653 9.8
TALOS-2023-1749 Accusoft ImageGear create_png_object heap-based buffer overflow vulnerability 2023-09-25 CVE-2023-32614 7.0
TALOS-2023-1760 Accusoft ImageGear pictwread heap-based buffer overflow vulnerability 2023-09-25 CVE-2023-35002 9.8
TALOS-2023-1729 Accusoft ImageGear CreateDIBfromPict out-of-bounds write vulnerability 2023-09-25 CVE-2023-23567 8.1
TALOS-2023-1751 Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability 2023-09-25 CVE-2023-3421 8.3
TALOS-2023-1773 Open Automation Software OAS Platform OAS Engine configuration management improper resource allocation vulnerability 2023-09-05 CVE-2023-34994 3.1
TALOS-2023-1772 Open Automation Software OAS Platform OAS Engine User Creation improper input validation vulnerability 2023-09-05 CVE-2023-34317 6.5
TALOS-2023-1770 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability 2023-09-05 CVE-2023-34998 8.1
TALOS-2023-1769 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability 2023-09-05 CVE-2023-31242 8.1
TALOS-2023-1774 Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability 2023-09-05 CVE-2023-32271 6.5
TALOS-2023-1775 Open Automation Software OAS Platform OAS Engine configuration management information disclosure vulnerability 2023-09-05 CVE-2023-35124 3.1
TALOS-2023-1771 Open Automation Software OAS Platform OAS Engine configuration file write vulnerability 2023-09-05 CVE-2023-32615 6.5
TALOS-2023-1776 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability 2023-09-05 CVE-2023-34353 7.5
TALOS-2023-1720 NVIDIA D3D10 Driver Shader Functionality dcl_input index memory corruption vulnerability 2023-08-10 CVE-2022-34671 8.5
TALOS-2023-1721 NVIDIA D3D10 Driver Shader Functionality dcl_resource_structured index memory corruption vulnerability 2023-08-10 CVE-2022-34671 8.5
TALOS-2023-1719 NVIDIA D3D10 Driver Shader Functionality undeclared dcl_output memory corruption vulnerability 2023-08-10 CVE-2022-34671 8.5
TALOS-2022-1664 Open Babel MOL2 format attribute and value out-of-bounds write vulnerability 2023-07-21 CVE-2022-43607 8.1
TALOS-2022-1669 Open Babel MSI format atom uninitialized pointer dereference vulnerability 2023-07-21 CVE-2022-44451 9.8
TALOS-2022-1668 Open Babel GRO format res uninitialized pointer dereference vulnerability 2023-07-21 CVE-2022-42885 9.8
TALOS-2022-1670 Open Babel PQS format pFormat uninitialized pointer dereference vulnerability 2023-07-21 CVE-2022-46280 9.8
TALOS-2022-1671 Open Babel PQS format coord_file out-of-bounds write vulnerability 2023-07-21 CVE-2022-43467 9.8
TALOS-2022-1665 Open Babel ORCA format nAtoms out-of-bounds write vulnerabilities 2023-07-21 CVE-2022-46289,CVE-2022-46290 9.8
TALOS-2022-1667 Open Babel CSR format title out-of-bounds write vulnerability 2023-07-21 CVE-2022-41793 9.8
TALOS-2022-1672 Open Babel Gaussian format orientation out-of-bounds write vulnerability 2023-07-21 CVE-2022-37331 7.3
TALOS-2022-1666 Open Babel translationVectors parsing out-of-bounds write vulnerabilities 2023-07-21 CVE-2022-46292,CVE-2022-46295,CVE-2022-46294,CVE-2022-46293,CVE-2022-46291 9.8
TALOS-2023-1739 Foxit Reader Choice Field use-after-free vulnerability 2023-07-19 CVE-2023-28744 8.8
TALOS-2023-1796 Foxit Reader Javascript annotation destruction use-after-free vulnerability 2023-07-19 CVE-2023-33876 8.8
TALOS-2023-1757 Foxit Reader Field OnBlur event use-after-free vulnerability 2023-07-19 CVE-2023-33866 8.8
TALOS-2023-1756 Foxit Reader Field Calculate event use-after-free vulnerability 2023-07-19 CVE-2023-27379 8.8
TALOS-2023-1795 Foxit Reader checkThisBox type confusion vulnerability 2023-07-19 CVE-2023-32664 8.8
TALOS-2023-1747 Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability 2023-07-17 CVE-2023-36887 8.1
TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability 2023-07-13 CVE-2023-27958 7.5
TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability 2023-07-13 None 5.3
TALOS-2023-1799 VMWare vCenter Server DCERPC association groups use-after-free vulnerability 2023-07-13 CVE-2023-20893 7.5
TALOS-2023-1800 VMWare vCenter Server DCERPC presentation result list out of bounds memory access 2023-07-13 CVE-2023-20896 5.9
TALOS-2022-1659 Apple DCERPC presentation result list out of bounds memory access 2023-07-13 CVE-2023-23539 5.9
TALOS-2023-1740 VMware vCenter Server DCERPC save_sec_fragment out-of-bounds pointer vulnerability 2023-07-13 CVE-2023-20895 8.1
TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability 2023-07-13 CVE-2023-20892 7.5
TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability 2023-07-13 CVE-2023-23513 8.1
TALOS-2023-1717 Apple DCERPC association groups use-after-free vulnerability 2023-07-13 CVE-2023-32387 7.5
TALOS-2022-1679 Apple DCERPC zero length BIND packet infinite loop 2023-07-13 None 5.3
TALOS-2022-1688 Apple DCERPC array marshaling uninitialized memory disclosure vulnerability 2023-07-13 CVE-2023-27953 5.3
TALOS-2022-1676 Apple DCERPC association groups heap overflow 2023-07-13 CVE-2023-27935 7.5
TALOS-2022-1678 Apple DCERPC alter context response use-after-free vulnerability 2023-07-13 CVE-2023-28180 7.5
TALOS-2022-1658 VMware vCenter DCERPC Improper calculation of authentication trailer pointer 2023-07-13 CVE-2023-20894 8.1
TALOS-2022-1677 Apple DCERPC call request uninitialized memory heap overflow vulnerability 2023-07-13 CVE-2023-27934 7.5
TALOS-2023-1723 Milesight UR32L zebra vlan_name OS command injection vulnerabilities 2023-07-06 CVE-2023-25582,CVE-2023-25583 7.2
TALOS-2023-1710 Milesight UR32L urvpn_client cmd_name_action OS command injection vulnerabilities 2023-07-06 CVE-2023-24583,CVE-2023-24582 8.8
TALOS-2023-1716 Milesight UR32L vtysh_ubus sprintf pattern buffer overflow vulnerabilities 2023-07-06 CVE-2023-25091,CVE-2023-25107,CVE-2023-25113,CVE-2023-25120,CVE-2023-25122,CVE-2023-25082,CVE-2023-25095,CVE-2023-25117,CVE-2023-25121,CVE-2023-25115,CVE-2023-25118,CVE-2023-25124,CVE-2023-25101,CVE-2023-25123,CVE-2023-25102,CVE-2023-25084,CVE-2023-25093,CVE-2023-25097,CVE-2023-25103,CVE-2023-25096,CVE-2023-25090,CVE-2023-25085,CVE-2023-25106,CVE-2023-25104,CVE-2023-25086,CVE-2023-25088,CVE-2023-25105,CVE-2023-25112,CVE-2023-25089,CVE-2023-25098,CVE-2023-25081,CVE-2023-25094,CVE-2023-25100,CVE-2023-25110,CVE-2023-25109,CVE-2023-25099,CVE-2023-25119,CVE-2023-25083,CVE-2023-25087,CVE-2023-25116,CVE-2023-25092,CVE-2023-25108,CVE-2023-25111,CVE-2023-25114 7.2
TALOS-2023-1699 Milesight UR32L libzebra.so change_hostname OS command injection vulnerability 2023-07-06 CVE-2023-22659 7.2
TALOS-2023-1713 Milesight UR32L ys_thirdparty system_user_script OS command injection vulnerability 2023-07-06 CVE-2023-24595 7.2
TALOS-2023-1712 Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability 2023-07-06 CVE-2023-22299 8.8
TALOS-2023-1711 Milesight UR32L ys_thirdparty check_system_user OS command injection vulnerability 2023-07-06 CVE-2023-22365 7.2
TALOS-2023-1718 Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability 2023-07-06 CVE-2023-24019 8.1
TALOS-2023-1703 Milesight MilesightVPN liburvpn.so create_private_key OS command injection vulnerability 2023-07-06 CVE-2023-22371 8.1
TALOS-2023-1702 Milesight MilesightVPN server.js start directory traversal vulnerability 2023-07-06 CVE-2023-23907 7.5
TALOS-2023-1700 Milesight MilesightVPN requestHandlers.js verifyToken authentication bypass vulnerability 2023-07-06 CVE-2023-22844 7.3
TALOS-2023-1698 Milesight UR32L libzebra.so bridge_group OS command injection vulnerability 2023-07-06 CVE-2023-22306 7.2
TALOS-2023-1697 Milesight UR32L uhttpd login buffer overflow vulnerability 2023-07-06 CVE-2023-23902 9.8
TALOS-2023-1705 Milesight UR32L urvpn_client Certificate Validation vulnerability 2023-07-06 CVE-2023-23546 4.2
TALOS-2023-1715 Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability 2023-07-06 CVE-2023-24018 8.8
TALOS-2023-1696 Milesight UR32L eventcore access violation vulnerability 2023-07-06 CVE-2023-23571 7.5
TALOS-2023-1694 Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability 2023-07-06 CVE-2023-23550 7.2
TALOS-2023-1695 Milesight UR32L luci2-io file-export mib directory traversal vulnerability 2023-07-06 CVE-2023-23547 6.5
TALOS-2023-1706 Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 OS command injection vulnerabilities 2023-07-06 CVE-2023-24519,CVE-2023-24520 8.8
TALOS-2023-1714 Milesight UR32L vtysh_ubus tcpdump_start_cb OS command injection vulnerability 2023-07-06 CVE-2023-22653 8.8
TALOS-2023-1701 Milesight MilesightVPN requestHandlers.js LoginAuth SQL injection vulnerability 2023-07-06 CVE-2023-22319 7.3
TALOS-2023-1704 Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities 2023-07-06 CVE-2023-24497,CVE-2023-24496 4.7
TALOS-2023-1744 Diagon Sequence::DrawText heap-based buffer overflow vulnerability 2023-07-05 CVE-2023-27390 7.8
TALOS-2023-1745 Diagon GraphPlanar::Write improper array index validation vulnerability 2023-07-05 CVE-2023-31194 5.3
TALOS-2023-1724 Google Chrome WebGL rx::Image11::disassociateStorage use-after-free vulnerability 2023-06-26 CVE-2023-1531 8.3
TALOS-2023-1734 Microsoft Office Excel WebCharts out-of-bounds write vulnerability 2023-06-13 CVE-2023-33133 7.8
TALOS-2023-1730 Microsoft Office Excel FreePhisxdb arbitrary free vulnerability 2023-06-13 CVE-2023-32029 7.8
TALOS-2023-1727 Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability 2023-05-26 CVE-2023-1424 10.0
TALOS-2022-1680 Weston Embedded uC-FTPs Authentication authentication bypass vulnerability 2023-05-10 CVE-2022-41985 8.6
TALOS-2022-1681 Weston Embedded uC-FTPs PORT command parameter extraction out-of-bounds read vulnerability 2023-05-10 CVE-2022-46377,CVE-2022-46378 6.5
TALOS-2023-1693 Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability 2023-05-04 CVE-2023-0698 8.3
TALOS-2023-1691 IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability 2023-04-24 CVE-2023-28528 5.5
TALOS-2023-1690 IBM Corporation AIX errlog() Log Injection Vulnerability 2023-04-24 None,CVE-2023-26286 5.5
TALOS-2022-1593 Slic3r libslic3r TriangleMesh clone heap-based buffer overflow vulnerability 2023-04-20 CVE-2022-36788 8.1
TALOS-2023-1692 Lenovo Group Ltd. Smart Clock Essential SSH hard-coded password vulnerability 2023-04-13 CVE-2023-0896 9.8
TALOS-2022-1684 JustSystems Corporation Ichitaro Attribute Arena buffer overflow vulnerability 2023-04-05 CVE-2022-45115 7.8
TALOS-2023-1722 JustSystems Corporation Ichitaro "LayoutBox" stream heap-based buffer overflow vulnerability 2023-04-05 CVE-2023-22660 7.0
TALOS-2022-1687 JustSystems Corporation Ichitaro Frame stream parser invalid free vulnerability 2023-04-05 CVE-2023-22291 7.0
TALOS-2022-1673 Justsystem Ichitaro Protected Attribute Identifier Use-After-Free Vulnerability 2023-04-05 CVE-2022-43664 7.8
TALOS-2022-1594 ADMesh stl_fix_normal_directions improper array index validation vulnerability 2023-04-03 CVE-2022-38072 6.5
TALOS-2023-1708 OpenImageIO Project OpenImageIO TGAInput::decode_pixel() out-of-bounds read vulnerability 2023-03-30 CVE-2023-22845 7.5
TALOS-2023-1731 SNIProxy wildcard backend hosts buffer overflow vulnerability 2023-03-30 CVE-2023-25076 9.8
TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability 2023-03-30 CVE-2022-43473 5.8
TALOS-2023-1707 OpenImageIO Project OpenImageIO TGAInput::read_tga2_header information disclosure vulnerability 2023-03-30 CVE-2023-24473 5.3
TALOS-2023-1709 OpenImageIO Project OpenImageIO FitsOutput::close() denial of service vulnerability 2023-03-30 CVE-2023-24472 7.5
TALOS-2022-1597 Netgear Orbi Satellite RBS750 ubus backend communications command execution vulnerability 2023-03-21 CVE-2022-36429 7.2
TALOS-2022-1596 Netgear Orbi Router RBR750 access control command execution vulnerability 2023-03-21 CVE-2022-37337 9.1
TALOS-2022-1598 Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability 2023-03-21 CVE-2022-38458 6.5
TALOS-2022-1595 Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability 2023-03-21 CVE-2022-38452 7.2
TALOS-2022-1683 WellinTech KingHistorian User authentication information disclosure vulnerability 2023-03-20 CVE-2022-45124 7.5
TALOS-2022-1674 WellinTech KingHistorian SORBAx64.dll RecvPacket integer conversion vulnerability 2023-03-20 CVE-2022-43663 8.1
TALOS-2022-1645 Ghost Foundation node-sqlite3 code execution vulnerability 2023-03-16 CVE-2022-43441 8.1
TALOS-2022-1662 EIP Stack Group OpENer SetAttributeList attribute_count_request out-of-bounds write vulnerability 2023-02-23 CVE-2022-43605 10.0
TALOS-2022-1661 EIP Stack Group OpENer GetAttributeList attribute_count_request out-of-bounds write vulnerability 2023-02-23 CVE-2022-43604 10.0
TALOS-2022-1663 EIP Stack Group OpENer Forward Open connection_management_entry use of uninitialized pointer vulnerability 2023-02-23 CVE-2022-43606 7.5
TALOS-2022-1616 Moxa SDS-3008 Series Industrial Ethernet Switch web application cleartext transmission vulnerability 2023-02-02 CVE-2022-40693 5.9
TALOS-2022-1619 Moxa SDS-3008 Series Industrial Ethernet Switch web application stored cross-site scripting vulnerability 2023-02-02 CVE-2022-41313,CVE-2022-41311,CVE-2022-41312 4.3
TALOS-2022-1618 Moxa SDS-3008 Series Industrial Ethernet Switch web server denial of service vulnerability 2023-02-02 CVE-2022-40224 5.3
TALOS-2022-1621 Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability 2023-02-02 CVE-2022-40691 5.3
TALOS-2022-1682 ESTsoft Alyac NT header out of bounds read 2023-02-02 CVE-2022-43665 5.0
TALOS-2022-1612 Siretta QUARTZ-GOLD httpd txt/restore.cgi OS command injection vulnerability 2023-01-26 CVE-2022-40220 7.2
TALOS-2022-1637 Siretta QUARTZ-GOLD m2m DELETE_FILE cmd directory traversal vulnerability 2023-01-26 CVE-2022-41154 8.2
TALOS-2022-1642 FreshTomato httpd update.cgi directory traversal vulnerability 2023-01-26 CVE-2022-38451 6.8
TALOS-2022-1613 Siretta QUARTZ-GOLD DetranCLI command parsing stack-based buffer overflow vulnerabilities 2023-01-26 CVE-2022-40992,CVE-2022-41018,CVE-2022-41005,CVE-2022-41028,CVE-2022-40990,CVE-2022-40985,CVE-2022-40989,CVE-2022-40991,CVE-2022-40994,CVE-2022-41002,CVE-2022-41012,CVE-2022-41019,CVE-2022-41030,CVE-2022-41011,CVE-2022-41027,CVE-2022-40986,CVE-2022-41007,CVE-2022-41022,CVE-2022-41020,CVE-2022-40995,CVE-2022-40998,CVE-2022-41001,CVE-2022-41006,CVE-2022-41014,CVE-2022-41029,CVE-2022-41010,CVE-2022-40997,CVE-2022-40996,CVE-2022-41016,CVE-2022-40988,CVE-2022-41017,CVE-2022-41004,CVE-2022-41013,CVE-2022-41000,CVE-2022-40999,CVE-2022-41025,CVE-2022-41008,CVE-2022-41015,CVE-2022-41026,CVE-2022-41024,CVE-2022-41009,CVE-2022-41003,CVE-2022-40993,CVE-2022-41021,CVE-2022-40987,CVE-2022-41023 7.2
TALOS-2022-1640 Siretta QUARTZ-GOLD m2m m2m_parse_router_config cmd OS command injection vulnerabilities 2023-01-26 CVE-2022-42492,CVE-2022-42491,CVE-2022-42493,CVE-2022-42490 9.8
TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability 2023-01-26 CVE-2022-40969 7.2
TALOS-2022-1641 FreshTomato httpd logs/view.cgi OS command injection vulnerability 2023-01-26 CVE-2022-42484 9.1
TALOS-2022-1606 Siretta QUARTZ-GOLD httpd delfile.cgi directory traversal vulnerability 2023-01-26 CVE-2022-40701 6.5
TALOS-2022-1608 Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability 2023-01-26 CVE-2022-38459 7.2
TALOS-2022-1610 Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability 2023-01-26 CVE-2022-38715 7.2
TALOS-2022-1615 Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability 2023-01-26 CVE-2022-38066 7.2
TALOS-2022-1611 Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability 2023-01-26 CVE-2022-39045 7.2
TALOS-2022-1638 Siretta QUARTZ-GOLD m2m DELETE_FILE cmd OS command injection vulnerability 2023-01-26 CVE-2022-40222 9.8
TALOS-2022-1609 Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability 2023-01-26 CVE-2022-38088 4.9
TALOS-2022-1605 Siretta QUARTZ-GOLD httpd delfile.cgi stack-based buffer overflow vulnerability 2023-01-26 CVE-2022-36279 7.2
TALOS-2022-1639 Siretta QUARTZ-GOLD m2m DELETE_FILE cmd heap-based buffer overflow vulnerability 2023-01-26 CVE-2022-41991 9.8
TALOS-2022-1686 Ghost Foundation Ghost Post Creation insecure default installation vulnerability 2023-01-19 CVE-2022-47197,CVE-2022-47195,CVE-2022-47194,CVE-2022-47196 9.0
TALOS-2022-1646 Mitsubishi Electric Corporation MELSEC iQ-FX5U webserver session identifier generation authentication bypass vulnerability 2023-01-18 CVE-2022-40267 7.1
TALOS-2022-1650 Qt Project Qt QML QtScript Javascript spreading buffer overflow vulnerability 2023-01-12 CVE-2022-43591 8.8
TALOS-2022-1617 Qt Project Qt QML QtScript Reflect API integer overflow vulnerability 2023-01-12 CVE-2022-40983 8.8
TALOS-2022-1592 Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability 2023-01-10 CVE-2022-38393 7.5
TALOS-2022-1590 Asus RT-AX82U cfg_server cm_processREQ_NC information disclosure vulnerability 2023-01-10 CVE-2022-38105 7.5
TALOS-2022-1586 Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability 2023-01-10 CVE-2022-35401 9.0
TALOS-2022-1632 OpenImageIO PSD format image file directory denial of service vulnerability 2022-12-22 CVE-2022-41684 7.5
TALOS-2022-1633 OpenImageIO TIFF tile pels decoding heap-based buffer overflow 2022-12-22 CVE-2022-41639 9.8
TALOS-2022-1634 OpenImageIO DDS scanline parsing code execution vulnerability 2022-12-22 CVE-2022-41838 9.8
TALOS-2022-1635 OpenImageIO DDS native tile reading denial of service vulnerability 2022-12-22 CVE-2022-41999 7.5
TALOS-2022-1636 OpenImageIO Exif out-of-bounds write vulnerability 2022-12-22 CVE-2022-41837 9.8
TALOS-2022-1643 OpenImageIO TIFF IPTC decoding information disclosure vulnerability 2022-12-22 CVE-2022-41988 5.3
TALOS-2022-1651 OpenImageIO Project OpenImageIO DPXOutput::close() information disclosure vulnerability 2022-12-22 CVE-2022-43592 5.9
TALOS-2022-1652 OpenImageIO Project OpenImageIO DPXOutput::close() denial of service vulnerability 2022-12-22 CVE-2022-43593 5.9
TALOS-2022-1654 OpenImageIO Project OpenImageIO IFFOutput channel interleaving information disclosure vulnerability 2022-12-22 CVE-2022-43596 5.9
TALOS-2022-1655 OpenImageIO Project OpenImageIO IFFOutput alignment padding memory corruption vulnerability 2022-12-22 CVE-2022-43598,CVE-2022-43597 8.1
TALOS-2022-1657 OpenImageIO Project OpenImageIO ZfileOutput::close() denial of service vulnerability 2022-12-22 CVE-2022-43603 5.9
TALOS-2022-1627 OpenImageIO TIFF file string field information disclosure vulnerability 2022-12-22 CVE-2022-41977 5.3
TALOS-2022-1628 OpenImageIO TGA Format Stack Buffer Overflow Vulnerability 2022-12-22 CVE-2022-41981 8.1
TALOS-2022-1653 OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability 2022-12-22 CVE-2022-43594,CVE-2022-43595 5.9
TALOS-2022-1656 OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability 2022-12-22 CVE-2022-43601,CVE-2022-43600,CVE-2022-43599,CVE-2022-43602 8.1
TALOS-2022-1626 OpenImageIO PSD thumbnail resource code execution vulnerability 2022-12-22 CVE-2022-41794 9.8
TALOS-2022-1629 OpenImageIO RLA format rle span out-of-bounds read vulnerability 2022-12-22 CVE-2022-36354 5.3
TALOS-2022-1630 OpenImageIO RLE encoded BMP image out-of-bounds write vulnerability 2022-12-22 CVE-2022-38143 9.8
TALOS-2022-1631 OpenImageIO TIFF file IPTC data information disclosure vulnerability 2022-12-22 CVE-2022-41649 7.5
TALOS-2022-1625 Ghost user enumeration vulnerability 2022-12-21 CVE-2022-41697 5.3
TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability 2022-12-21 CVE-2022-41654 9.6
TALOS-2022-1589 OpenStack Kolla sudo privilege escalation vulnerability 2022-12-20 CVE-2022-38060 8.8
TALOS-2022-1599 OpenStack oslo.privsep privilege escalation vulnerability 2022-12-20 CVE-2022-38065 8.8
TALOS-2022-1588 VMware vCenter Server Content Library denial of service vulnerability 2022-12-13 CVE-2022-31698 8.6
TALOS-2022-1644 PowerISO VHD File Format parsing CXSPARSE record memory corruption vulnerability 2022-12-07 CVE-2022-41992 7.8
TALOS-2022-1604 NVIDIA D3D10 Driver Shader Functionality DCL_INDEXRANGE instruction memory corruption vulnerability 2022-12-06 CVE-2022-34671 8.5
TALOS-2022-1603 NVIDIA D3D10 Driver Shader Functionality MOV instruction memory corruption vulnerability 2022-12-06 CVE-2022-34671 8.5
TALOS-2022-1531 Lansweeper lansweeper TicketTemplateActions.aspx GetTemplateAttachment directory traversal vulnerability 2022-12-01 CVE-2022-27498 9.1
TALOS-2022-1532 Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability 2022-12-01 CVE-2022-28703 9.1
TALOS-2022-1541 Lansweeper lansweeper SanitizeHtml cross-site scripting (XSS) vulnerability 2022-12-01 CVE-2022-32763 9.1
TALOS-2022-1530 Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability 2022-12-01 CVE-2022-29511 9.1
TALOS-2022-1529 Lansweeper lansweeper HelpdeskActions.aspx edittemplate directory traversal vulnerability 2022-12-01 CVE-2022-29517 9.9
TALOS-2022-1528 Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability 2022-12-01 CVE-2022-32573 9.9
TALOS-2022-1648 Callback technologies CBFS Filter handle_ioctl_8314C null pointer dereference vulnerability 2022-11-22 CVE-2022-43589 6.2
TALOS-2022-1647 Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability 2022-11-22 CVE-2022-43588 6.2
TALOS-2022-1649 Callback technologies CBFS Filter handle_ioctl_0x830a0_systembuffer null pointer dereference vulnerability 2022-11-22 CVE-2022-43590 6.2
TALOS-2022-1591 Microsoft Office class attribute double-free vulnerability 2022-11-15 CVE-2022-41106 7.8
TALOS-2022-1601 Foxit Reader annotation destroy use-after-free vulnerability 2022-11-10 CVE-2022-38097 8.8
TALOS-2022-1602 Foxit Reader openPlayer use-after-free vulnerability 2022-11-10 CVE-2022-37332 8.8
TALOS-2022-1600 Foxit Reader deletePages Field Calculate use-after-free vulnerability 2022-11-10 CVE-2022-32774 8.8
TALOS-2022-1614 Foxit Reader Optional Content Group use-after-free vulnerability 2022-11-10 CVE-2022-40129 8.8
TALOS-2022-1521 InHand Networks InRouter302 console support leftover debug code vulnerability 2022-10-27 CVE-2022-28689 6.5
TALOS-2022-1519 InHand Networks InRouter302 console infct leftover debug code vulnerability 2022-10-27 CVE-2022-30543 4.3
TALOS-2022-1520 InHand Networks InRouter302 console verify leftover debug code vulnerability 2022-10-27 CVE-2022-26023 6.5
TALOS-2022-1518 InHand Networks InRouter302 console nvram leftover debug code vulnerability 2022-10-27 CVE-2022-29481 4.9
TALOS-2022-1523 InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability 2022-10-27 CVE-2022-25932 7.4
TALOS-2022-1522 InHand Networks InRouter302 httpd port 4444 upload.cgi leftover debug code vulnerability 2022-10-27 CVE-2022-29888 6.5
TALOS-2022-1544 Accusoft ImageGear PICT parsing pctwread_14841 out-of-bounds write vulnerability 2022-10-27 CVE-2022-32588 9.8
TALOS-2022-1560 Abode Systems, Inc. iota All-In-One Security Kit XCMD setIPCam stack-based buffer overflow vulnerability 2022-10-20 CVE-2022-32454 10.0
TALOS-2022-1561 Abode Systems, Inc. iota All-In-One Security Kit console_main_loop :sys OS command injection vulnerability 2022-10-20 CVE-2022-29520 8.1
TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability 2022-10-20 CVE-2022-29472 10.0
TALOS-2022-1553 Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability 2022-10-20 CVE-2022-29475 4.7
TALOS-2022-1583 Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities 2022-10-20 CVE-2022-35879,CVE-2022-35878,CVE-2022-35881,CVE-2022-35880 7.1
TALOS-2022-1582 Abode Systems, Inc. iota All-In-One Security Kit XCMD getVarHA memory corruption vulnerability 2022-10-20 CVE-2022-35244 9.8
TALOS-2022-1585 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect format string injection vulnerabilities 2022-10-20 CVE-2022-35885,CVE-2022-35886,CVE-2022-35884,CVE-2022-35887 8.2
TALOS-2022-1557 Abode Systems, Inc. iota All-In-One Security Kit XCMD setUPnP OS command injection vulnerability 2022-10-20 CVE-2022-30541 10.0
TALOS-2022-1552 Abode Systems, Inc. iota All-In-One Security Kit GHOME control authentication bypass vulnerability 2022-10-20 CVE-2022-27805 9.8
TALOS-2022-1558 Abode Systems, Inc. iota All-In-One Security Kit XCMD setAlexa OS command injection vulnerability 2022-10-20 CVE-2022-33189 10.0
TALOS-2022-1584 Abode Systems, Inc. iota All-In-One Security Kit ghome_process_control_packet format string injection vulnerability 2022-10-20 CVE-2022-33938 8.2
TALOS-2022-1567 Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_abode_code OS command injection vulnerability 2022-10-20 CVE-2022-27804 8.0
TALOS-2022-1559 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP OS command injection vulnerabilities 2022-10-20 CVE-2022-33194,CVE-2022-33195,CVE-2022-33193,CVE-2022-33192 10.0
TALOS-2022-1554 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/factory* authentication bypass vulnerability 2022-10-20 CVE-2022-29477 8.6
TALOS-2022-1581 Abode Systems, Inc. iota All-In-One Security Kit XCMD testWifiAP format string injection vulnerabilities 2022-10-20 CVE-2022-35877,CVE-2022-35874,CVE-2022-35875,CVE-2022-35876 8.2
TALOS-2022-1563 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost OS command injection vulnerability 2022-10-20 CVE-2022-32586 8.0
TALOS-2022-1569 Abode Systems, Inc. iota All-In-One Security Kit telnet hard-coded password vulnerability 2022-10-20 CVE-2022-29889 9.8
TALOS-2022-1568 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/wirelessConnect OS command injection vulnerabilities 2022-10-20 CVE-2022-33205,CVE-2022-33204,CVE-2022-33206,CVE-2022-33207 10.0
TALOS-2022-1564 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamRecordPost integer overflow vulnerability 2022-10-20 CVE-2022-32775 9.0
TALOS-2022-1555 Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug denial of service vulnerability 2022-10-20 CVE-2022-32760 8.6
TALOS-2022-1565 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/ipcamSetParamPost double-free vulnerability 2022-10-20 CVE-2022-32574 7.5
TALOS-2022-1562 Abode Systems, Inc. iota All-In-One Security Kit web interface /action/iperf OS command injection vulnerability 2022-10-20 CVE-2022-30603 10.0
TALOS-2022-1556 Abode Systems, Inc. iota All-In-One Security Kit XCMD doDebug OS Command Injection vulnerability 2022-10-20 CVE-2022-32773 10.0
TALOS-2022-1580 Robustel R1510 sysupgrade firmware update vulnerability 2022-10-14 CVE-2022-34845 6.7
TALOS-2022-1577 Robustel R1510 js_package install OS command injection vulnerability 2022-10-14 CVE-2022-33150 9.1
TALOS-2022-1578 Robustel R1510 web_server /action/import_authorized_keys/ OS command injection vulnerability 2022-10-14 CVE-2022-34850 9.1
TALOS-2022-1579 Robustel R1510 web_server /ajax/remove/ directory traversal vulnerability 2022-10-14 CVE-2022-33897 4.9
TALOS-2022-1575 Robustel R1510 web_server hashFirst denial of service vulnerability 2022-10-14 CVE-2022-35266,CVE-2022-35265,CVE-2022-35267,CVE-2022-35262,CVE-2022-35261,CVE-2022-35264,CVE-2022-35263,CVE-2022-35271,CVE-2022-35270,CVE-2022-35269,CVE-2022-35268 4.9
TALOS-2022-1576 Robustel R1510 sysupgrade command injection OS command injection vulnerability 2022-10-14 CVE-2022-32765 9.1
TALOS-2022-1587 VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability 2022-10-10 CVE-2022-31680 8.7
TALOS-2022-1574 Hancom Office 2020 Hword Docx XML parsing heap underflow vulnerability 2022-10-04 CVE-2022-33896 7.8
TALOS-2022-1517 uClibC and uClibC-ng libpthread linuxthreads memory corruption vulnerabilities 2022-09-22 CVE-2022-29503 8.1
TALOS-2022-1497 Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability 2022-08-17 CVE-2022-35821 4.4
TALOS-2022-1539 WWBN AVideo image403 cross-site scripting (XSS) vulnerability 2022-08-16 CVE-2022-30690 9.6
TALOS-2022-1515 Microsoft DirectComposition GetWeakReferenceBase null pointer dereference vulnerability 2022-08-16 CVE-2022-40733 5.0
TALOS-2022-1551 WWBN AVideo ObjectYPT SQL injection vulnerability 2022-08-16 CVE-2022-33147,CVE-2022-34652,CVE-2022-33149,CVE-2022-33148 8.3
TALOS-2022-1545 WWBN AVideo password hash improper authentication vulnerability 2022-08-16 CVE-2022-32282 7.2
TALOS-2022-1548 WWBN AVideo aVideoEncoder wget OS command injection vulnerability 2022-08-16 CVE-2022-32572 9.9
TALOS-2022-1534 WWBN AVideo all cross-site request forgery (csrf) vulnerability 2022-08-16 CVE-2022-29468 8.8
TALOS-2022-1514 Microsoft DirectComposition CCompositionSurfaceBitmapMarshaler null pointer dereference vulnerability 2022-08-16 CVE-2022-40732 5.0
TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability 2022-08-16 CVE-2022-30534 9.9
TALOS-2022-1537 WWBN AVideo charts tab selection cross-site scripting (XSS) vulnerability 2022-08-16 CVE-2022-26842 9.6
TALOS-2022-1485 HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability 2022-08-16 CVE-2022-25972 7.8
TALOS-2022-1547 WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability 2022-08-16 CVE-2022-30547 9.9
TALOS-2022-1542 WWBN AVideo cookie information disclosure vulnerability 2022-08-16 CVE-2022-32777,CVE-2022-32778 7.5
TALOS-2022-1538 WWBN AVideo footer alerts cross-site scripting (XSS) vulnerability 2022-08-16 CVE-2022-32770,CVE-2022-32772,CVE-2022-32771 9.6
TALOS-2022-1540 WWBN AVideo videoAddNew cross-site scripting (XSS) vulnerability 2022-08-16 CVE-2022-28712 9.0
TALOS-2022-1535 WWBN AVideo session id privilege escalation vulnerability 2022-08-16 CVE-2022-30605 8.8
TALOS-2022-1486 HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability 2022-08-16 CVE-2022-25942 7.8
TALOS-2022-1536 WWBN AVideo objects id handling authentication bypass vulnerability 2022-08-16 CVE-2022-32768,CVE-2022-32769 4.8
TALOS-2022-1550 WWBN AVideo chunkFile information disclosure vulnerability 2022-08-16 CVE-2022-28710 6.5
TALOS-2022-1487 HDF5 Group libhdf5 gif2h5 heap-based buffer overflow vulnerability 2022-08-16 CVE-2022-26061 7.8
TALOS-2022-1549 WWBN AVideo aVideoEncoderReceiveImage information disclosure vulnerability 2022-08-16 CVE-2022-32761 6.5
TALOS-2022-1527 ESTsoft Alyac OLE header parsing integer overflow 2022-08-03 CVE-2022-32543 7.3
TALOS-2022-1533 ESTsoft Alyac OLE header Mini FAT sectors integer overflow 2022-08-03 CVE-2022-29886 7.3
TALOS-2022-1506 TCL LinkHub Mesh Wi-Fi confctl_set_wan_cfg denial of service vulnerability 2022-08-01 CVE-2022-27178 9.6
TALOS-2022-1457 TCL LinkHub Mesh Wifi confsrv ucloud_add_node_new OS command injection vulnerability 2022-08-01 CVE-2022-21178 9.6
TALOS-2022-1462 TCL LinkHub Mesh Wi-Fi confsrv confctl_set_app_language stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-23103 8.8
TALOS-2022-1458 TCL LinkHub Mesh Wifi confsrv ucloud_add_node OS command injection vulnerability 2022-08-01 CVE-2022-22140 9.6
TALOS-2022-1505 TCL LinkHub Mesh Wifi confctl_set_master_wlan denial of service vulnerability 2022-08-01 CVE-2022-27185 9.3
TALOS-2022-1456 TCL LinkHub Mesh Wifi confers ucloud_add_node_new stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-21201 8.8
TALOS-2022-1502 TCL LinkHub Mesh Wifi confctl_set_guest_wlan denial of service vulnerability 2022-08-01 CVE-2022-27660 9.3
TALOS-2022-1455 TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-23919,CVE-2022-23918 8.8
TALOS-2022-1503 TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability 2022-08-01 CVE-2022-27633 6.5
TALOS-2022-1484 TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location buffer overflow vulnerability 2022-08-01 CVE-2022-26342 8.8
TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability 2022-08-01 CVE-2022-22144 7.5
TALOS-2022-1483 TCL LinkHub Mesh Wi-Fi confsrv ucloud_set_node_location stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-26009 8.8
TALOS-2022-1507 TCL LinkHub Mesh Wifi ucloud_del_node denial of service vulnerability 2022-08-01 CVE-2022-26346 9.6
TALOS-2022-1482 TCL LinkHub Mesh Wi-Fi confsrv addTimeGroup stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-25996 8.8
TALOS-2022-1463 TCL LinkHub Mesh Wifi GetValue buffer overflow vulnerability 2022-08-01 CVE-2022-24021,CVE-2022-24011,CVE-2022-24028,CVE-2022-24023,CVE-2022-24026,CVE-2022-24016,CVE-2022-24005,CVE-2022-24019,CVE-2022-24029,CVE-2022-24007,CVE-2022-24017,CVE-2022-24008,CVE-2022-24006,CVE-2022-24013,CVE-2022-24009,CVE-2022-24010,CVE-2022-24020,CVE-2022-24015,CVE-2022-24012,CVE-2022-24022,CVE-2022-24014,CVE-2022-24027,CVE-2022-24025,CVE-2022-24018,CVE-2022-24024 9.6
TALOS-2022-1454 TCL LinkHub Mesh Wifi confsrv set_port_fwd_rule stack-based buffer overflow vulnerability 2022-08-01 CVE-2022-23399 8.8
TALOS-2022-1504 TCL LinkHub Mesh Wifi confctl_get_master_wlan information disclosure vulnerability 2022-08-01 CVE-2022-27630 6.5
TALOS-2022-1509 FreshTomato httpd unescape memory corruption vulnerability 2022-07-27 CVE-2022-28665,CVE-2022-28664 5.3
TALOS-2022-1510 DD-WRT httpd unescape memory corruption vulnerability 2022-07-27 CVE-2022-27631 5.3
TALOS-2022-1511 Asuswrt and Asuswrt-Merlin New Gen httpd unescape memory corruption vulnerability 2022-07-27 CVE-2022-26376 5.3
TALOS-2022-1526 Accusoft ImageGear PSD Header processing memory allocation out-of-bounds write vulnerability 2022-07-18 CVE-2022-29465 8.1
TALOS-2022-1508 Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability 2022-07-14 CVE-2022-2399 8.3
TALOS-2022-1516 Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability 2022-07-13 CVE-2022-34221 8.8
TALOS-2022-1525 Adobe Acrobat Reader DC event value use-after-free 2022-07-13 CVE-2022-34230 8.8
TALOS-2022-1571 Robustel R1510 web_server /action/remove/ API data removal vulnerability 2022-06-30 CVE-2022-28127 8.7
TALOS-2022-1570 Robustel R1510 clish art2 command execution vulnerability 2022-06-30 CVE-2022-32585 9.1
TALOS-2022-1573 Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities 2022-06-30 CVE-2022-33326,CVE-2022-33329,CVE-2022-33327,CVE-2022-33325,CVE-2022-33328 9.1
TALOS-2022-1572 Robustel R1510 web_server action endpoints OS command injection vulnerabilities 2022-06-30 CVE-2022-33312,CVE-2022-33313,CVE-2022-33314 9.1
TALOS-2022-1524 Blynk Blynk-Library BlynkConsole.h runCommand stack-based buffer overflow vulnerability 2022-06-15 CVE-2022-29496 9.0
TALOS-2022-1440 Anker Eufy Homebase 2 mips_collector appsrv_server use-after-free vulnerability 2022-06-15 CVE-2022-21806 10.0
TALOS-2022-1461 Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability 2022-06-15 CVE-2022-21184 5.9
TALOS-2022-1491 Open Automation Software Platform Engine SecureConfigValues denial of service vulnerability 2022-05-25 CVE-2022-26026 7.5
TALOS-2022-1489 Open Automation Software Platform Engine SecureAddSecurity external config control vulnerability 2022-05-25 CVE-2022-26043 7.5
TALOS-2022-1490 Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability 2022-05-25 CVE-2022-26077 7.5
TALOS-2022-1493 Open Automation Software Platform Engine SecureTransferFiles file write vulnerability 2022-05-25 CVE-2022-26082 9.1
TALOS-2022-1492 Open Automation Software Platform Engine SecureTransferFiles information disclosure vulnerability 2022-05-25 CVE-2022-26067 4.9
TALOS-2022-1513 Open Automation Software OAS Platform REST API unauthenticated vulnerability 2022-05-25 CVE-2022-26833 9.4
TALOS-2022-1488 Open Automation Software Platform Engine SecureAddUser External config control vulnerability 2022-05-25 CVE-2022-26303 7.5
TALOS-2022-1494 Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability 2022-05-25 CVE-2022-27169 7.5
TALOS-2021-1435 NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXABLE memory corruption vulnerability 2022-05-17 CVE-2022-28181 8.5
TALOS-2021-1437 NVIDIA nvwgf2umx_cfg.dll shader DCL_UNORDERED_ACCESS_VIEW_STRUCTURED memory corruption vulnerability 2022-05-17 CVE-2022-28182 8.5
TALOS-2021-1438 NVIDIA nvwgf2umx_cfg.dll shader DCL_RESOURCE_STRUCTURED memory corruption vulnerability 2022-05-17 CVE-2022-28182 8.5
TALOS-2021-1436 NVIDIA nvwgf2umx_cfg.dll shader DCL_INDEXRANGE memory corruption vulnerability 2022-05-17 CVE-2022-28182 8.5
TALOS-2022-1476 InHand Networks InRouter302 console factory stack-based buffer overflow vulnerability 2022-05-10 CVE-2022-26002 9.1
TALOS-2022-1475 InHand Networks InRouter302 console factory OS command injection vulnerability 2022-05-10 CVE-2022-26007 9.1
TALOS-2022-1474 InHand Networks InRouter302 router configuration export information disclosure vulnerability 2022-05-10 CVE-2022-26020 6.3
TALOS-2022-1501 InHand Networks InRouter302 console infactory_net command injection vulnerability 2022-05-10 CVE-2022-26518 9.9
TALOS-2022-1472 InHand Networks InRouter302 router configuration import privilege escalation vulnerability 2022-05-10 CVE-2022-21182 7.4
TALOS-2022-1473 InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability 2022-05-10 CVE-2022-26085 9.9
TALOS-2022-1478 InHand Networks InRouter302 daretools binary OS command injection vulnerability 2022-05-10 CVE-2022-26042 9.9
TALOS-2022-1468 InHand Networks InRouter302 httpd upload.cgi file write vulnerability 2022-05-10 CVE-2022-21809 9.9
TALOS-2022-1496 InHand Networks InRouter302 console infactory hard-coded password vulnerability 2022-05-10 CVE-2022-27172 4.3
TALOS-2022-1471 InHand Networks InRouter302 httpd parse_ping_result API buffer overflow vulnerability 2022-05-10 CVE-2022-24910 8.2
TALOS-2022-1470 InHand Networks InRouter302 web interface session cookie information disclosure vulnerability 2022-05-10 CVE-2022-25172 7.5
TALOS-2022-1499 InHand Networks InRouter302 console infactory_port OS command injection vulnerability 2022-05-10 CVE-2022-26420 9.9
TALOS-2022-1469 InHand Networks InRouter302 info.jsp cross-site scripting (XSS) vulnerability 2022-05-10 CVE-2022-21238 5.4
TALOS-2022-1500 InHand Networks InRouter302 console infactory_wlan command injection vulnerability 2022-05-10 CVE-2022-26075 9.9
TALOS-2022-1477 InHand Networks InRouter302 console inhand command execution vulnerability 2022-05-10 CVE-2022-25995 9.9
TALOS-2022-1452 ESTsoft Alyac PE section headers out of bounds read 2022-05-10 CVE-2022-21147 5.0
TALOS-2022-1481 InHand Networks InRouter302 libnvram.so nvram_import improper input validation vulnerabilities 2022-05-10 CVE-2022-26780,CVE-2022-26781,CVE-2022-26782 9.9
TALOS-2022-1495 InHand Networks InRouter302 iburn firmware checks firmware update vulnerability 2022-05-10 CVE-2022-26510 9.9
TALOS-2021-1412 WPS Office HtmTableAlt use-after-free vulnerability 2022-05-09 CVE-2021-40399 8.8
TALOS-2022-1479 Anker Eufy Homebase 2 libxm_av.so getpeermac() authentication bypass vulnerability 2022-05-05 CVE-2022-25989 7.1
TALOS-2022-1480 Anker Eufy Homebase 2 libxm_av.so DemuxCmdInBuffer buffer overflow vulnerability 2022-05-05 CVE-2022-26073 7.4
TALOS-2022-1449 Accusoft ImageGear ioca_mys_rgb_allocate memory corruption vulnerability 2022-05-02 CVE-2022-22137 9.8
TALOS-2022-1465 Accusoft ImageGear IGXMPXMLParser::parseDelimiter stack-based buffer overflow vulnerability 2022-05-02 CVE-2022-23400 7.1
TALOS-2022-1512 ArduPilot APWeb cgi.c unescape memory corruption vulnerability 2022-04-14 CVE-2022-28711 5.3
TALOS-2021-1411 Accusoft ImageGear parse_raster_data out-of-bounds write vulnerability 2022-03-31 CVE-2021-40398 8.1
TALOS-2021-1434 Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability 2022-03-23 CVE-2021-40426 10.0
TALOS-2022-1464 Leadtools fltSaveCMP integer overflow vulnerability 2022-03-15 CVE-2022-21154 8.8
TALOS-2021-1433 Webroot Secure Anywhere IOCTL GetProcessCommand and B_03 out-of-bounds read vulnerability 2022-03-15 CVE-2021-40425,CVE-2021-40424 7.1
TALOS-2022-1441 Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability 2022-02-28 CVE-2022-22149 9.1
TALOS-2021-1413 Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability 2022-02-28 CVE-2021-40400 9.3
TALOS-2022-1443 Lansweeper lansweeper EchoAssets.aspx SQL injection vulnerability 2022-02-28 CVE-2022-21234 9.1
TALOS-2021-1416 Gerbv RS-274X aperture macro multiple outline primitives out-of-bounds read vulnerability 2022-02-28 CVE-2021-40402 9.3
TALOS-2022-1442 Lansweeper WebUserActions.aspx Stored XSS vulnerability 2022-02-28 CVE-2022-21145 9.1
TALOS-2022-1467 MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability 2022-02-28 CVE-2022-21159 7.5
TALOS-2022-1444 Lansweeper lansweeper AssetActions.aspx SQL injection vulnerability 2022-02-28 CVE-2022-21210 6.6
TALOS-2021-1431 Swift Sensors Gateway device password generation authentication bypass vulnerability 2022-02-28 CVE-2021-40422 10.0
TALOS-2021-1367 Accusoft ImageGear Palette box parser heap-based buffer overflow vulnerability 2022-02-23 CVE-2021-21938 9.8
TALOS-2021-1377 Accusoft ImageGear JPEG-JFIF Scan header parser out-of-bounds write vulnerability 2022-02-23 CVE-2021-21949 9.8
TALOS-2021-1368 Accusoft ImageGear XWD parser heap-based buffer overflow vulnerability 2022-02-23 CVE-2021-21939 9.8
TALOS-2021-1371 Accusoft ImageGear TIFF YCbCr image parser out-of-bounds write vulnerability 2022-02-23 CVE-2021-21942 9.8
TALOS-2021-1374 Accusoft ImageGear TIFF parser heap-based buffer overflow vulnerabilities 2022-02-23 CVE-2021-21945,CVE-2021-21944 9.8
TALOS-2021-1373 Accusoft ImageGear XWD parser::xwdread_pixmapformat_0_or_1 heap-based buffer overflow vulnerability 2022-02-23 CVE-2021-21943 9.8
TALOS-2021-1362 Accusoft ImageGear DecoderStream::Append heap-based buffer overflow vulnerability 2022-02-23 CVE-2021-21914 9.8
TALOS-2021-1375 Accusoft ImageGear JPEG-JFIF lossless Huffman parser heap-based buffer overflow vulnerabilities 2022-02-23 CVE-2021-21947,CVE-2021-21946 9.8
TALOS-2022-1453 KiCad EDA Gerber Viewer gerber and excellon coordinates parsing stack-based buffer overflow vulnerability 2022-02-16 CVE-2022-23804,CVE-2022-23803 7.8
TALOS-2022-1460 KiCad EDA Gerber Viewer gerber and excellon GCode/Dcode parsing stack-based buffer overflow vulnerability 2022-02-16 CVE-2022-23947,CVE-2022-23946 7.8
TALOS-2021-1386 Hancom Office 2020 Hword HwordApp.dll SectorLoc heap-based buffer overflow 2022-02-15 CVE-2021-21958 7.8
TALOS-2021-1393 Texas Instruments CC3200 SimpleLink Solution HTTP Server /ping.html information disclosure vulnerability 2022-02-15 CVE-2021-21966 5.3
TALOS-2021-1403 Moxa MXView Series Web Application information disclosure vulnerability 2022-02-11 CVE-2021-40392 5.3
TALOS-2021-1401 Moxa MXView Series Web Application authentication bypass vulnerability 2022-02-11 CVE-2021-40390 10.0
TALOS-2021-1396 Sealevel Systems, Inc. SeaConnect 370W HandleSeaCloudMessage out-of-bounds write vulnerabilities 2022-02-01 CVE-2021-21970,CVE-2021-21969 3.7
TALOS-2021-1390 Sealevel Systems, Inc. SeaConnect 370W OTA Update "u-download" heap-based buffer overflow vulnerability 2022-02-01 CVE-2021-21962 9.0
TALOS-2021-1406 Eclipse Foundation Paho MQTTClient-C library readPacket out-of-bounds write vulnerability 2022-02-01 CVE-2021-41036 9.8
TALOS-2021-1397 Sealevel Systems, Inc. SeaConnect 370W URL_decode out-of-bounds write vulnerability 2022-02-01 CVE-2021-21971 3.7
TALOS-2021-1394 Sealevel Systems, Inc. SeaConnect 370W OTA update task out-of-bounds write vulnerability 2022-02-01 CVE-2021-21967 6.5
TALOS-2021-1395 Sealevel Systems, Inc. SeaConnect 370W OTA update task file overwrite vulnerability 2022-02-01 CVE-2021-21968 8.1
TALOS-2021-1392 Sealevel Systems, Inc. SeaConnect 370W Modbus/SeaMAX Remote Configuration denial of service vulnerabilities 2022-02-01 CVE-2021-21965,CVE-2021-21964 8.6
TALOS-2021-1391 Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability 2022-02-01 CVE-2021-21963 7.4
TALOS-2021-1389 Sealevel Systems, Inc. SeaConnect 370W LLMNR/NBNS stack-based buffer overflow vulnerabilities 2022-02-01 CVE-2021-21960,CVE-2021-21961 10.0
TALOS-2021-1388 Sealevel Systems, Inc. SeaConnect 370W MQTTS Certificate Validation vulnerability 2022-02-01 CVE-2021-21959 7.7
TALOS-2021-1417 Gerbv pick-and-place rotation parsing use of uninitialized variable vulnerability 2022-01-31 CVE-2021-40403 5.8
TALOS-2022-1439 Foxit Reader getPageNthWordQuads mishandled exception vulnerability 2022-01-31 CVE-2022-22150 8.8
TALOS-2021-1429 Foxit Reader deletePages use-after-free vulnerability 2022-01-31 CVE-2021-40420 8.8
TALOS-2021-1415 Gerbv RS-274X aperture definition tokenization use-after-free vulnerability 2022-01-31 CVE-2021-40401 10.0
TALOS-2021-1398 Google Chrome MediaStreamTrackGenerator use after free vulnerability 2022-01-27 CVE-2021-38008 8.3
TALOS-2021-1428 Reolink RLC-410W "factory" binary firmware update vulnerability 2022-01-26 CVE-2021-40419 10.0
TALOS-2021-1425 Reolink RLC-410W cgiserver.cgi cgi_check_ability improper access control vulnerabilities 2022-01-26 CVE-2021-40413, CVE-2021-40414, CVE-2021-40415,CVE-2021-40416 7.1
TALOS-2022-1451 Reolink RLC-410W netserver parse_command_list memory corruption vulnerability 2022-01-26 CVE-2022-21796 9.3
TALOS-2022-1446 Reolink RLC-410W web server misconfiguration information disclosure vulnerability 2022-01-26 CVE-2022-21236 8.1
TALOS-2021-1422 Reolink RLC-410W cgiserver.cgi Upgrade API denial of service vulnerability 2022-01-26 CVE-2021-40405 7.7
TALOS-2021-1421 Reolink RLC-410W cgiserver.cgi JSON command parser denial of service vulnerabilities 2022-01-26 CVE-2021-44354,CVE-2021-44355, CVE-2021-44356, CVE-2021-44357, CVE-2021-44358, CVE-2021-44359, CVE-2021-44360, CVE-2021-44361, CVE-2021-44362, CVE-2021-44363, CVE-2021-44364, CVE-2021-44365, CVE-2021-44366, CVE-2021-44367, CVE-2021-44368, CVE-2021-44369, CVE-2021-44370, CVE-2021-44371, CVE-2021-44372, CVE-2021-44373, CVE-2021-44374, CVE-2021-44375, CVE-2021-44376, CVE-2021-44377, CVE-2021-44378, CVE-2021-44379, CVE-2021-44380, CVE-2021-44381, CVE-2021-44382, CVE-2021-44383, CVE-2021-44384, CVE-2021-44385, CVE-2021-44386, CVE-2021-44387, CVE-2021-44388, CVE-2021-44389, CVE-2021-44390, CVE-2021-44391, CVE-2021-44392, CVE-2021-44393, CVE-2021-44394, CVE-2021-44395, CVE-2021-44396, CVE-2021-44397, CVE-2021-44398, CVE-2021-44399, CVE-2021-44400,CVE-2021-44401, CVE-2021-44402,CVE-2021-44403,CVE-2021-44404,CVE-2021-44405, CVE-2021-44406, CVE-2021-44407, CVE-2021-44408, CVE-2021-44409, CVE-2021-44410, CVE-2021-44411, CVE-2021-44412, CVE-2021-44413, CVE-2021-44414, CVE-2021-44415, CVE-2021-44416, CVE-2021-44417, CVE-2021-44418, CVE-2021-44419 8.6
TALOS-2022-1448 Reolink RLC-410W hardcoded TLS key information disclosure vulnerability 2022-01-26 CVE-2022-21199 7.5
TALOS-2022-1450 Reolink RLC-410W netserver recv_command denial of service vulnerability 2022-01-26 CVE-2022-21801 8.6
TALOS-2021-1432 Reolink RLC-410W cgiserver.cgi command parser denial of service vulnerability 2022-01-26 CVE-2021-40423 7.5
TALOS-2021-1420 Reolink RLC-410W cgiserver.cgi Login authentication bypass vulnerability 2022-01-26 CVE-2021-40404 5.3
TALOS-2021-1424 Reolink RLC-410W device network settings OS command injection vulnerabilities 2022-01-26 CVE-2021-40407,CVE-2021-40408, CVE-2021-40409, CVE-2021-40410,CVE-2021-40411,CVE-2021-40412 9.1
TALOS-2022-1447 Reolink RLC-410W "update" firmware checks firmware update vulnerability 2022-01-26 CVE-2022-21134 8.3
TALOS-2022-1445 Reolink RLC-410W device TestEmail out-of-bounds write vulnerability 2022-01-26 CVE-2022-21217 9.1
TALOS-2021-1423 Reolink RLC-410W cgiserver.cgi session creation denial of service vulnerability 2022-01-26 CVE-2021-40406 7.5
TALOS-2021-1414 Apple macOS ImageIO DDS image out-of-bounds read vulnerability 2022-01-25 CVE-2021-30939 5.3
TALOS-2021-1400 Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability 2022-01-18 CVE-2021-40389 8.8
TALOS-2021-1408 Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability 2022-01-18 CVE-2021-40396 8.8
TALOS-2021-1409 Advantech WISE-PaaS/OTA 3.0.9 Server installation privilege escalation vulnerability 2022-01-18 CVE-2021-40397 8.8
TALOS-2021-1399 Advantech SQ Manager Server 1.0.6 privilege escalation vulnerability 2022-01-18 CVE-2021-40388 8.8
TALOS-2021-1387 Adobe Acrobat Reader Javascript event.richValue use-after-free vulnerability 2022-01-11 CVE-2021-44710 8.8
TALOS-2021-1410 Adobe Acrobat Reader DC annotation gestures integer overflow vulnerability 2022-01-11 CVE-2021-44711 8.8
TALOS-2021-1372 Google Chrome WebRTC RTPSenderVideoFrameTransformerDelegate memory corruption vulnerability 2022-01-10 CVE-2021-37979 7.1
TALOS-2021-1376 AnyCubic Chitubox AnyCubic Plugin readDatHeadVec heap-based buffer overflow vulnerability 2022-01-10 CVE-2021-21948 7.8
TALOS-2021-1357 Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities 2021-12-20 CVE-2021-21905,CVE-2021-21906 8.2
TALOS-2021-1353 Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability 2021-12-20 CVE-2021-21901 9.8
TALOS-2021-1354 Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability 2021-12-20 CVE-2021-21902 7.5
TALOS-2021-1358 Garrett Metal Detectors iC Module CMA CLI getenv command directory traversal vulnerability 2021-12-20 CVE-2021-21907 4.9
TALOS-2021-1355 Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability 2021-12-20 CVE-2021-21903 9.8
TALOS-2021-1359 Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities 2021-12-20 CVE-2021-21908,CVE-2021-21909 6.0
TALOS-2021-1356 Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability 2021-12-20 CVE-2021-21904 9.1
TALOS-2021-1427 Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability 2021-12-20 CVE-2021-40418 9.8
TALOS-2021-1426 Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability 2021-12-20 CVE-2021-40417 9.8
TALOS-2021-1404 Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability 2021-12-06 CVE-2021-40393 10.0
TALOS-2021-1384 Dream Report ODS Remote Connector privilege escalation vulnerability 2021-12-06 CVE-2021-21957 8.8
TALOS-2021-1405 Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability 2021-12-06 CVE-2021-40394 10.0
TALOS-2021-1352 Google Chrome Blink setBaseAndExtent use after free vulnerability 2021-11-30 CVE-2021-30625 8.3
TALOS-2021-1381 Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability 2021-11-29 CVE-2021-21954 9.9
TALOS-2021-1380 Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability 2021-11-29 CVE-2021-21953 7.7
TALOS-2021-1378 Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability 2021-11-29 CVE-2021-21950,CVE-2021-21951 10.0
TALOS-2021-1379 Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability 2021-11-29 CVE-2021-21952 9.4
TALOS-2021-1382 Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid() authentication bypass vulnerability 2021-11-29 CVE-2021-21955 7.7
TALOS-2021-1360 Advantech R-SeeNet installation privilege escalation vulnerability 2021-11-22 CVE-2021-21910, CVE-2021-21911, CVE-2021-21912 8.8
TALOS-2021-1383 CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability 2021-11-22 CVE-2021-21956 8.2
TALOS-2021-1363 Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'group_list' page 2021-11-22 CVE-2021-21915,CVE-2021-21916,CVE-2021-21917 7.7
TALOS-2021-1364 Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page 2021-11-22 CVE-2021-21918,CVE-2021-21919 7.7
TALOS-2021-1366 Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'device_list' page 2021-11-22 CVE-2021-21924,CVE-2021-21925,CVE-2021-21926,CVE-2021-21927,CVE-2021-21928,CVE-2021-21929,CVE-2021-21930,CVE-2021-21931,CVE-2021-21932,CVE-2021-21933,CVE-2021-21934,CVE-2021-21935,CVE-2021-21936,CVE-2021-21937 7.7
TALOS-2021-1365 Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page 2021-11-22 CVE-2021-21920,CVE-2021-21921, CVE-2021-21922,CVE-2021-21923 7.7
TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability 2021-11-17 CVE-2021-21899 8.8
TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability 2021-11-17 CVE-2021-21900 8.8
TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability 2021-11-17 CVE-2021-21898 8.8
TALOS-2021-1348 Google Chrome WebRTC addIceCandidate use after free vulnerability 2021-11-16 CVE-2021-30602 8.3
TALOS-2021-1331 Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability 2021-11-15 CVE-2021-21887 9.1
TALOS-2021-1332 Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability 2021-11-15 CVE-2021-21888 9.1
TALOS-2021-1325 Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability 2021-11-15 CVE-2021-21881 9.9
TALOS-2021-1330 Lantronix PremierWave 2050 Web Manager FSBrowsePage directory traversal vulnerability 2021-11-15 CVE-2021-21886 4.3
TALOS-2021-1322 Lantronix PremierWave 2050 Web Manager Applications and FsBrowse local file inclusion vulnerability 2021-11-15 CVE-2021-21878 4.9
TALOS-2021-1324 Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability 2021-11-15 CVE-2021-21880 7.2
TALOS-2021-1328 Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability 2021-11-15 CVE-2021-21884 9.1
TALOS-2021-1333 Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability 2021-11-15 CVE-2021-21889 9.9
TALOS-2021-1326 Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability 2021-11-15 CVE-2021-21882 9.9
TALOS-2021-1334 Lantronix PremierWave 2050 Web Manager FsBrowseClean stack-based buffer overflow vulnerability 2021-11-15 CVE-2021-21890,CVE-2021-21891 9.1
TALOS-2021-1314 Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities 2021-11-15 CVE-2021-21873,CVE-2021-21874,CVE-2021-21875 9.1
TALOS-2021-1323 Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability 2021-11-15 CVE-2021-21879 9.9
TALOS-2021-1329 Lantronix PremierWave 2050 Web Manager FsMove directory traversal vulnerability 2021-11-15 CVE-2021-21885 7.2
TALOS-2021-1312 Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability 2021-11-15 CVE-2021-21872 9.9
TALOS-2021-1337 Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability 2021-11-15 CVE-2021-21894,CVE-2021-21895 9.1
TALOS-2021-1315 Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities 2021-11-15 CVE-2021-21876,CVE-2021-21877 9.1
TALOS-2021-1335 Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability 2021-11-15 CVE-2021-21892 9.9
TALOS-2021-1327 Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability 2021-11-15 CVE-2021-21883 9.9
TALOS-2021-1338 Lantronix PremierWave 2050 Web Manager FsBrowseClean directory traversal vulnerability 2021-11-15 CVE-2021-21896 4.9
TALOS-2021-1341 Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability 2021-11-09 -- 6.0
TALOS-2021-1343 Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability 2021-11-09 CVE-2021-41376 2.3
TALOS-2021-1342 Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability 2021-11-09 CVE-2021-42300 6.0
TALOS-2021-1347 Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability 2021-11-09 -- 6.2
TALOS-2021-1340 Microsoft Azure Sphere Kernel GPIO_GET_PIN_ACCESS_CONTROL_USER information disclosure vulnerability 2021-11-09 None 4.4
TALOS-2021-1339 Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability 2021-11-09 None 6.7
TALOS-2021-1344 Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability 2021-11-09 -- 6.0
TALOS-2021-1402 Gerbv drill format T-code tool number out-of-bounds write vulnerability 2021-11-04 CVE-2021-40391 10.0
TALOS-2021-1317 ZTE MF971R Referer authentication bypass vulnerability 2021-10-18 CVE-2021-21745 4.7
TALOS-2021-1321 ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability 2021-10-18 CVE-2021-21749 8.3
TALOS-2021-1318 ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability 2021-10-18 CVE-2021-21746 6.1
TALOS-2021-1320 ZTE MF971R ADB_MODE_SWITCH stack-based buffer overflow vulnerability 2021-10-18 CVE-2021-21748 9.6
TALOS-2021-1316 ZTE MF971R goform_get_cmd_process Config Control External config control vulnerability 2021-10-18 CVE-2021-21744 5.4
TALOS-2021-1319 ZTE MF971R xmlclient cross-site scripting vulnerability 2021-10-18 CVE-2021-21747 6.1
TALOS-2021-1313 ZTE MF971R HTTP_HOST CRLF Injection vulnerability 2021-10-18 CVE-2021-21743 6.3
TALOS-2021-1266 Nitro Pro PDF JavaScript TimeOutObject double free vulnerability 2021-10-13 CVE-2021-21797 8.8
TALOS-2021-1265 Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability 2021-10-13 CVE-2021-21796 8.8
TALOS-2021-1259 Microsoft Office Excel 2019/365 ConditionalFormatting code execution vulnerability 2021-10-12 CVE-2021-40474 8.8
TALOS-2021-1369 Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability 2021-10-11 CVE-2021-21940 10.0
TALOS-2021-1370 Anker Eufy Homebase 2 pushMuxer CreatePushThread use-after-free vulnerability 2021-10-11 CVE-2021-21941 10.0
TALOS-2021-1361 D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability 2021-09-23 CVE-2021-21913 10.0
TALOS-2021-1309 Microsoft Azure Sphere Security Monitor SMSyscallPeripheralAcquire information disclosure vulnerability 2021-09-14 None 4.4
TALOS-2021-1267 Nitro Pro PDF JavaScript document.flattenPages JSStackFrame stack-based use-after-free vulnerability 2021-09-13 CVE-2021-21798 8.8
TALOS-2021-1346 Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability 2021-09-07 CVE-2021-21897 8.8
TALOS-2021-1295 Disc Soft Ltd Daemon Tools Pro ISO Parsing memory corruption vulnerability 2021-08-17 CVE-2021-21832 8.1
TALOS-2021-1297 GPAC Project on Advanced Content library MPEG-4 Decoding multiple multiplication integer overflow vulnerabilities 2021-08-16 CVE-2021-21834, CVE-2021-21835, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21851, CVE-2021-21852 8.8
TALOS-2021-1298 GPAC Project Advanced Content MPEG-4 Decoding multiple integer truncation vulnerabilities 2021-08-16 CVE-2021-21859,CVE-2021-21860,CVE-2021-21861,CVE-2021-21862 8.8
TALOS-2021-1299 GPAC Project Advanced Content MPEG-4 Decoding multiple integer addition overflow vulnerabilities 2021-08-16 CVE-2021-21853, CVE-2021-21854,CVE-2021-21855,CVE-2021-21856,CVE-2021-21857,CVE-2021-21858 8.8
TALOS-2021-1279 AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability 2021-08-11 CVE-2021-21811 8.1
TALOS-2021-1280 AT&T Labs Xmill multiple command line parsing vulnerabilities 2021-08-10 CVE-2021-21812, CVE-2021-21813, CVE-2021-21814, CVE-2021-21815 7.8
TALOS-2021-1293 AT&T Labs Xmill XML decompression LabelDict::Load heap-based buffer overflow vulnerability 2021-08-10 CVE-2021-21830 8.1
TALOS-2021-1291 AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities 2021-08-10 CVE-2021-21826, CVE-2021-21827, CVE-2021-21828 8.1
TALOS-2021-1290 AT&T Labs Xmill XML decompression PlainTextUncompressor::UncompressItem heap-based buffer overflow vulnerability 2021-08-10 CVE-2021-21825 8.1
TALOS-2021-1292 AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability 2021-08-10 CVE-2021-21829 8.1
TALOS-2021-1278 AT&T Labs Xmill XML parsing ParseAttribs memory corruption vulnerability 2021-08-10 CVE-2021-21810 8.1
TALOS-2021-1310 Microsoft Azure Sphere Security Monitor SMSyscallWriteBlockToStageImage information disclosure vulnerability 2021-08-10 None 4.4
TALOS-2021-1311 Microsoft Azure Sphere Security Monitor SECTION_ABIDepends denial of service vulnerability 2021-08-10 None 6.0
TALOS-2021-1345 Mozilla Firefox MediaCacheStream::NotifyDataReceived use-after-free vulnerability 2021-08-10 CVE-2021-29985 8.8
TALOS-2020-1212 tinyobjloader LoadObj improper array index validation vulnerability 2021-07-30 CVE-2020-28589 9.6
TALOS-2021-1307 Foxit Reader FileAttachment annotation use-after-free vulnerability redux 2021-07-27 CVE-2021-21870 8.8
TALOS-2021-1294 Foxit Reader removeField use-after-free vulnerability 2021-07-27 CVE-2021-21831 8.8
TALOS-2021-1336 Foxit Reader Field OnFocus event use-after-free vulnerability 2021-07-27 CVE-2021-21893 8.8
TALOS-2021-1303 CODESYS Development System ObjectManager.plugin ProfileInformation.ProfileData Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21866 8.8
TALOS-2021-1302 CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21865 8.8
TALOS-2021-1306 CODESYS Development System Engine.plugin ProfileInformation ProfileData Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21869 8.8
TALOS-2021-1300 CODESYS Development System ComponentModel Profile.FromFile() Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21863 8.8
TALOS-2021-1301 CODESYS Development System ComponentModel ComponentManager.StartupCultureSettings Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21864 7.8
TALOS-2021-1305 CODESYS Development System ObjectManager.plugin Project.get_MissingTypes() Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21868 8.8
TALOS-2021-1304 CODESYS Development System ObjectManager.plugin ObjectStream.ProfileByteArray Unsafe Deserialization vulnerability 2021-07-26 CVE-2021-21867 8.8
TALOS-2021-1270 Advantech R-SeeNet telnet_form.php Reflected XSS vulnerability 2021-07-15 CVE-2021-21799 9.6
TALOS-2021-1284 D-LINK DIR-3040 Libcli command injection vulnerability 2021-07-15 CVE-2021-21819 9.1
TALOS-2021-1282 D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability 2021-07-15 CVE-2021-21817 7.5
TALOS-2021-1273 Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability 2021-07-15 CVE-2021-21804 8.1
TALOS-2021-1272 Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities 2021-07-15 CVE-2021-21801, CVE-2021-21802, CVE-2021-21803 9.6
TALOS-2021-1271 Advantech R-SeeNet ssh_form.php Reflected XSS vulnerability 2021-07-15 CVE-2021-21800 9.6
TALOS-2021-1281 D-LINK DIR-3040 Syslog information disclosure vulnerability 2021-07-15 CVE-2021-21816 6.5
TALOS-2021-1285 D-LINK DIR-3040 Libcli test environment hard-coded password vulnerability 2021-07-15 CVE-2021-21820 10.0
TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability 2021-07-15 CVE-2021-21818 6.5
TALOS-2021-1274 Advantech R-SeeNet ping.php OS Command Injection vulnerability 2021-07-15 CVE-2021-21805 9.8
TALOS-2021-1254 IOBit Advanced SystemCare ultimate privileged I/O write vulnerabilities 2021-07-07 CVE-2021-21787, CVE-2021-21788, CVE-2021-21789 8.8
TALOS-2021-1252 IOBit Advanced SystemCare Ultimate exposed IOCTL 0x9c40a148 vulnerability 2021-07-07 CVE-2021-21785 6.5
TALOS-2021-1253 IOBit Advanced SystemCare Ultimate exposed IOCTL 0x9c406144 vulnerability 2021-07-07 CVE-2021-21786 8.8
TALOS-2021-1255 IOBit Advanced SystemCare Ultimate Privileged I/O Read vulnerabilities 2021-07-07 CVE-2021-21790, CVE-2021-21791, CVE-2021-21792 6.5
TALOS-2021-1308 PowerISO DMG File Format Handler memory corruption vulnerability 2021-06-28 CVE-2021-21871 8.8
TALOS-2021-1277 Moodle spellchecker plugin command execution vulnerability 2021-06-22 CVE-2021-21809 8.2
TALOS-2021-1234 EIP Stack Group OpENer Ethernet/IP UDP handler information disclosure vulnerability 2021-06-16 CVE-2021-21777 8.6
TALOS-2021-1288 Komoot GmbH Komoot Friend finder information disclosure vulnerability 2021-06-09 CVE-2021-21823 5.3
TALOS-2021-1251 Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability 2021-06-08 CVE-2021-30522 8.3
TALOS-2021-1263 Apple macOS SMB server lock request infinite loop 2021-06-02 CVE-2021-30716 6.5
TALOS-2021-1269 Apple macOS SMB server directory query arbitrary file access 2021-06-02 CVE-2021-30721 4.3
TALOS-2021-1260 Apple macOS SMB server directory query request integer overflow vulnerability 2021-06-02 CVE-2021-30717 7.5
TALOS-2021-1246 Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability 2021-06-02 CVE-2020-10005 8.5
TALOS-2021-1258 Apple macOS SMB server IOCTL request uninitialized stack variable vulnerability 2021-06-02 CVE-2021-30712 4.2
TALOS-2021-1268 Apple macOS SMB server create file request uninitialized memory disclosure 2021-06-02 CVE-2021-30722 6.5
TALOS-2021-1238 Webkit WebCore::GraphicsContext use-after-free vulnerability 2021-06-02 CVE-2021-21779 6.8
TALOS-2021-1229 Webkit ImageLoader dispatchPendingErrorEvent use-after-free vulnerability 2021-06-02 CVE-2021-21775 6.8
TALOS-2021-1296 Accusoft ImageGear TIF IP_planar_raster_unpack improper array index validation vulnerability 2021-06-01 CVE-2021-21833 9.8
TALOS-2021-1257 Accusoft ImageGear JPG sof_nb_comp header processing out-of-bounds write vulnerability 2021-06-01 CVE-2021-21793 9.8
TALOS-2021-1261 Accusoft ImageGear TIF bits_per_sample processing out-of-bounds write vulnerability 2021-06-01 CVE-2021-21794 9.8
TALOS-2021-1286 Accusoft ImageGear PDF process_fontname stack-based buffer overflow vulnerability 2021-06-01 CVE-2021-21821 9.8
TALOS-2021-1276 Accusoft ImageGear PNG png_palette_process memory corruption vulnerability 2021-06-01 CVE-2021-21808 8.1
TALOS-2021-1275 Accusoft ImageGear DICOM parse_dicom_meta_info integer overflow vulnerability 2021-06-01 CVE-2021-21807 9.8
TALOS-2021-1289 Accusoft ImageGear JPG Handle_JPEG420 out-of-bounds write vulnerability 2021-06-01 CVE-2021-21824 8.1
TALOS-2021-1243 Linux Kernel Arm SIGPAGE information disclosure vulnerability 2021-05-28 CVE-2021-21781 4.0
TALOS-2021-1231 Trend Micro Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability 2021-05-24 CVE-2021-32458 7.8
TALOS-2021-1241 Trend Micro Inc. Home Network Security SFTP log collection server hard-coded password vulnerability 2021-05-24 CVE-2021-32459 4.9
TALOS-2021-1230 Trend Micro, Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability 2021-05-24 CVE-2021-32457 7.8
TALOS-2021-1235 Google Chrome AudioDelayDSPKernel::ProcessKRate heap-based buffer overflow vulnerability 2021-05-19 CVE-2021-21160 8.8
TALOS-2021-1237 Apple macOS SMB server signature verification information disclosure vulnerability 2021-05-19 CVE-2021-1878 7.1
TALOS-2021-1233 Adobe Acrobat Reader DC JavaScript search query code execution vulnerability 2021-05-11 CVE-2021-28562 8.0
TALOS-2021-1287 Foxit Reader FileAttachment annotation use-after-free vulnerability 2021-05-06 CVE-2021-21822 8.8
TALOS-2020-1142 Systemd DHCP client denial-of-service vulnerability 2021-04-26 CVE-2020-13529 6.1
TALOS-2021-1236 MZ Automation GmbH lib60870.NET ASDU message processing denial of service vulnerability 2021-04-26 CVE-2021-21778 7.5
TALOS-2021-1239 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability 2021-04-22 None 7.4
TALOS-2021-1240 Trend Micro Inc. Home Network Security tdts.ko TRF file-parsing denial-of-service vulnerability 2021-04-22 None 7.4
TALOS-2020-1219 Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability 2021-04-21 CVE-2020-28595 8.8
TALOS-2020-1220 Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability 2021-04-21 CVE-2020-28596 8.8
TALOS-2020-1222 Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability 2021-04-21 CVE-2020-28598 8.8
TALOS-2020-1160 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability 2021-04-19 CVE-2021-26564, CVE-2021-26565, CVE-2021-26566 8.3
TALOS-2020-1159 Synology DSM synoagentregisterd server finder out-of-bounds write vulnerability 2021-04-19 CVE-2021-26560, CVE-2021-26561, CVE-2021-26562 9.4
TALOS-2020-1216 Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability 2021-04-15 CVE-2020-28592 8.1
TALOS-2020-1217 Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability 2021-04-15 CVE-2020-28593 8.1
TALOS-2020-1202 OpenClinic GA web portal SQL injection vulnerability in 'statistics/quickFile.jsp' page 2021-04-13 CVE-2020-27226 6.4
TALOS-2021-1262 Microsoft Azure Sphere Kernel pwm_ioctl_apply_state kfree() code execution vulnerability 2021-04-13 CVE-2021-28460 8.1
TALOS-2020-1204 OpenClinic GA installation privilege escalation vulnerability 2021-04-13 CVE-2020-27228 8.8
TALOS-2020-1207 OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page 2021-04-13 CVE-2020-27233, CVE-2020-27234, CVE-2020-27235, CVE-2020-27236, CVE-2020-27237, CVE-2020-27238, CVE-2020-27239, CVE-2020-27240, CVE-2020-27241 6.4
TALOS-2021-1249 Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability 2021-04-13 CVE-2021-27074 6.2
TALOS-2021-1247 Microsoft Azure Sphere mount namespace unsigned code execution vulnerability 2021-04-13 CVE-2021-27074 6.2
TALOS-2021-1250 Microsoft Azure Sphere mqueue inode initialization kernel code execution vulnerability 2021-04-13 CVE-2021-27080 9.3
TALOS-2020-1206 OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page 2021-04-13 CVE-2020-27232 6.4
TALOS-2020-1208 OpenClinic GA web portal multiple SQL injection vulnerabilities in 'listImmoLabels.jsp' page 2021-04-13 CVE-2020-27242, CVE-2020-27243, CVE-2020-27244, CVE-2020-27245, CVE-2020-27246 6.4
TALOS-2020-1203 OpenClinic GA unauthenticated command injection vulnerability 2021-04-13 CVE-2020-27227 10.0
TALOS-2020-1205 OpenClinic GA web portal multiple SQL injection vulnerabilities in 'patientslist.do' page 2021-04-13 CVE-2020-27229, CVE-2020-27230, CVE-2020-27231 6.4
TALOS-2020-1146 Dream Report platform privilege escalation vulnerability 2021-04-08 CVE-2020-13532, CVE-2020-13533, CVE-2020-13534 9.3
TALOS-2020-1198 Rukovoditel Project Management App SQL injection vulnerability in the 'forms_fields_rules/rules' page 2021-04-08 CVE-2020-13587 5.4
TALOS-2020-1200 Rukovoditel Project Management App application SQL injection vulnerability in the 'access_rules/rules_form' page 2021-04-08 CVE-2020-13591 5.4
TALOS-2020-1199 Rukovoditel Project Management App multiple SQL injection vulnerabilities in the 'entities/fields' page 2021-04-08 CVE-2020-13588, CVE-2020-13589, CVE-2020-13599 5.4
TALOS-2020-1201 Rukovoditel Project Management App application SQL injection vulnerability in the 'global_lists/choices' page 2021-04-08 CVE-2020-13592 5.4
TALOS-2021-1227 Accusoft ImageGear TIFF Header count processing out-of-bounds write vulnerability 2021-03-30 CVE-2021-21773 8.1
TALOS-2021-1232 Accusoft ImageGear SGI Format Buffer Size Processing out-of-bounds write vulnerability 2021-03-30 CVE-2021-21776 9.8
TALOS-2021-1244 Accusoft ImageGear SGI format buffer size processing out-of-bounds write vulnerability 2021-03-30 CVE-2021-21782 9.8
TALOS-2021-1245 Genivia gSOAP WS-Addressing plugin code execution vulnerability redux 2021-03-24 CVE-2021-21783 9.8
TALOS-2021-1264 Accusoft ImageGear PSD read_icc_icCurve_data heap-based buffer overflow vulnerability 2021-03-16 CVE-2021-21795 9.8
TALOS-2021-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability 2021-03-10 CVE-2021-21772 8.1
TALOS-2020-1226 3MF Consortium lib3mf NMR::COpcPackageReader::releaseZIP() use-after-free vulnerability 2021-03-10 CVE-2021-21772 8.1
TALOS-2021-1248 Accusoft ImageGear JPG format SOF marker processing out-of-bounds write vulnerability 2021-03-02 CVE-2021-21784 9.8
TALOS-2020-1213 Slic3r libslic3r Obj File TriangleMesh::TriangleMesh() out-of-bounds read vulnerability 2021-02-24 CVE-2020-28590 8.6
TALOS-2020-1225 CGAL libcgal multiple code execution vulnerabilities in Nef polygon-parsing code 2021-02-24 CVE-2020-28601, CVE-2020-28602, CVE-2020-28603, CVE-2020-28604, CVE-2020-28605, CVE-2020-28606, CVE-2020-28607, CVE-2020-28608, CVE-2020-28609, CVE-2020-28610, CVE-2020-28611, CVE-2020-28612, CVE-2020-28613, CVE-2020-28614, CVE-2020-28615, CVE-2020-28616, CVE-2020-28617, CVE-2020-28618, CVE-2020-28619, CVE-2020-28620, CVE-2020-28621, CVE-2020-28622, CVE-2020-28623, CVE-2020-28624, CVE-2020-28625, CVE-2020-28626, CVE-2020-28627, CVE-2020-28628, CVE-2020-28629, CVE-2020-28630, CVE-2020-28631, CVE-2020-28632, CVE-2020-28633, CVE-2020-28634, CVE-2020-28635, CVE-2020-28636, CVE-2020-35628, CVE-2020-35629, CVE-2020-35630, CVE-2020-35631, CVE-2020-35632, CVE-2020-35633, CVE-2020-35634, CVE-2020-35635, CVE-2020-35636 10.0
TALOS-2020-1223 Openscad import_stl.cc:import_stl() stack-based buffer overflow vulnerability 2021-02-23 CVE-2020-28599 8.8
TALOS-2020-1224 Openscad import_stl.cc:import_stl() out-of-bounds stack write vulnerability 2021-02-23 CVE-2020-28600 8.8
TALOS-2020-1167 Sytech XL reporter installation privilege escalation vulnerability 2021-02-19 CVE-2020-13549 8.8
TALOS-2020-1168 Advantech WebAccess/SCADA installation local file inclusion 2021-02-16 CVE-2020-13550 7.7
TALOS-2020-1169 Advantech WebAccess/SCADA installation privilege escalation vulnerability 2021-02-16 CVE-2020-13551, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554, CVE-2020-13555 8.8
TALOS-2020-1182 Accusoft ImageGear SGI RLE decompression out-of-bounds write vulnerability 2021-02-09 CVE-2020-13571 9.8
TALOS-2020-1176 Accusoft ImageGear TIFF index record out-of-bounds write vulnerability 2021-02-09 CVE-2020-13561 9.8
TALOS-2020-1196 Accusoft ImageGear PSD Header processing out-of-bounds write vulnerability 2021-02-09 CVE-2020-13585 9.8
TALOS-2020-1183 Accusoft ImageGear GIF LZW decoder heap overflow vulnerability 2021-02-05 CVE-2020-13572 9.8
TALOS-2020-1191 SoftMaker Office PlanMaker Document Record 0x8010 out-of-bounds write vulnerability 2021-02-03 CVE-2020-13580 8.8
TALOS-2020-1190 SoftMaker Office PlanMaker Document Records 0x8011 and 0x820a integer overflow vulnerability 2021-02-03 CVE-2020-13579 8.8
TALOS-2020-1192 SoftMaker Office PlanMaker Document Record 0x800d memory corruption vulnerability 2021-02-03 CVE-2020-13581 8.8
TALOS-2020-1210 SoftMaker Office PlanMaker Excel document CEscherObject::ReadNativeProperties multiple heap buffer overflow vulnerabilities 2021-02-03 CVE-2020-27247, CVE-2020-27248, CVE-2020-27249, CVE-2020-27250, CVE-2020-28587 8.8
TALOS-2020-1197 SoftMaker Office PlanMaker Excel document record 0x00fc memory corruption vulnerability 2021-02-03 CVE-2020-13586 8.8
TALOS-2020-1008 Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Network Segment Denial of Service Vulnerability 2021-02-02 CVE-2020-6088 7.5
TALOS-2020-1177 phpGACL template multiple cross-site scripting vulnerabilities 2021-01-27 CVE-2020-13562, CVE-2020-13563, CVE-2020-13564 9.6
TALOS-2020-1179 phpGACL database multiple SQL injection vulnerabilities 2021-01-27 CVE-2020-13566, CVE-2020-13568 8.8
TALOS-2020-1180 OpenEMR GACL cross-site request forgery vulnerability 2021-01-27 CVE-2020-13569 8.8
TALOS-2020-1178 phpGACL return_page redirection open redirect vulnerability 2021-01-27 CVE-2020-13565 6.1
TALOS-2020-1194 Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability 2021-01-26 CVE-2020-13583 8.6
TALOS-2020-1193 Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability 2021-01-26 CVE-2020-13582 8.6
TALOS-2020-1174 FreyrSCADA IEC-60879-5-104 server simulator traffic logging denial-of-service vulnerability 2021-01-11 CVE-2020-13559 5.9
TALOS-2020-1184 Rockwell Automation RSLinx classic ethernet/IP server denial-of-service vulnerability 2021-01-07 CVE-2020-13573 7.5
TALOS-2020-1186 Genivia gSOAP WS-Addressing plugin denial-of-service vulnerability 2021-01-05 CVE-2020-13575 7.5
TALOS-2020-1161 SoftMaker Office TextMaker Document Record 0x001f sign-extension vulnerability 2021-01-05 CVE-2020-13544 8.8
TALOS-2020-1187 Genivia gSOAP WS-Addressing plugin code execution vulnerability 2021-01-05 CVE-2020-13576 9.8
TALOS-2020-1163 SoftMaker Office TextMaker Document Record 0x002a integer overflow vulnerability 2021-01-05 CVE-2020-13546 8.8
TALOS-2020-1189 Genivia gSOAP WS-Security plugin denial-of-service vulnerability 2021-01-05 CVE-2020-13578 7.5
TALOS-2020-1185 Genivia gSOAP WS-Security plugin denial-of-service vulnerability 2021-01-05 CVE-2020-13574 7.5
TALOS-2020-1162 SoftMaker Office TextMaker Document Record 0x003f integer conversion vulnerability 2021-01-05 CVE-2020-13545 8.8
TALOS-2020-1188 Genivia gSOAP WS-Security plugin denial-of-service vulnerability 2021-01-05 CVE-2020-13577 7.5
TALOS-2020-1151 Win-911 mobile server platform privilege escalation vulnerability 2021-01-04 CVE-2020-13541 9.3
TALOS-2020-1150 Win-911 Enterprise Platform privilege escalation vulnerability 2021-01-04 CVE-2020-13539, CVE-2020-13540 9.3
TALOS-2020-1141 Microsoft Azure Sphere networkd mdns denial-of-service vulnerability 2020-12-18 -- 5.9
TALOS-2020-1136 Lantronix XPort EDGE Web Manager and telnet CLI cleartext transmission of sensitive information vulnerability 2020-12-16 CVE-2020-13528 3.1
TALOS-2020-1135 Lantronix XPort EDGE Web Manager CSRF vulnerability 2020-12-16 CVE-2020-13527 4.8
TALOS-2020-1115 NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability 2020-12-16 CVE-2020-13518 6.5
TALOS-2020-1114 NZXT CAM WinRing0x64 Driver IRP 0x9c406104 information disclosure vulnerability 2020-12-16 CVE-2020-13517 6.5
TALOS-2020-1116 NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability 2020-12-16 CVE-2020-13519 8.8
TALOS-2020-1110 NZXT CAM WinRing0x64 driver privileged I/O read IRPs information disclosure vulnerability 2020-12-16 CVE-2020-13509, CVE-2020-13511 6.5
TALOS-2020-1112 NZXT CAM WinRing0x64 driver IRP 0x9c40a148 privilege escalation vulnerability 2020-12-16 CVE-2020-13515 8.8
TALOS-2020-1111 NZXT CAM WinRing0x64 Driver Privileged I/O Write IRPs Privilege Escalation Vulnerability 2020-12-16 CVE-2020-13512, CVE-2020-13513, CVE-2020-13514 8.8
TALOS-2020-1147 Kepware LinkMaster Service privilege escalation vulnerability 2020-12-16 CVE-2020-13535 9.3
TALOS-2020-1113 NZXT CAM WinRing0x64 driver IRP 0x9c406144 information disclosure vulnerability 2020-12-16 CVE-2020-13516 6.5
TALOS-2020-1166 Foxit Reader Javascript Field fileSelect Use After Free Vulnerability 2020-12-09 CVE-2020-13548 8.0
TALOS-2020-1165 Foxit Reader JavaScript media openPlayer type confusion vulnerability 2020-12-09 CVE-2020-13547 8.8
TALOS-2020-1171 Foxit Reader JavaScript choice field use-after-free vulnerability 2020-12-09 CVE-2020-13557 8.8
TALOS-2020-1175 Foxit Reader JavaScript choice field format event use-after-free vulnerability 2020-12-09 CVE-2020-13560 8.8
TALOS-2020-1181 Foxit Reader JavaScript remove template use-after-free vulnerability 2020-12-09 CVE-2020-13570 7.5
TALOS-2020-1144 Schneider Electric EcoStruxure Control Expert APX project file processing code execution vulnerability 2020-12-08 CVE-2020-7560 8.6
TALOS-2020-1153 Microsoft Office ElementType code execution vulnerability 2020-12-08 CVE-2020-17123 8.8
TALOS-2020-1140 Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability 2020-12-08 CVE-2020-7559 10.0
TALOS-2020-1143 EIP Stack Group OpENer ethernet/IP server denial-of-service vulnerability 2020-12-02 CVE-2020-13530 7.5
TALOS-2020-1170 EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability 2020-12-02 CVE-2020-13556 9.8
TALOS-2020-1195 Webkit ImageDecoderGStreamer use-after-free vulnerability 2020-11-30 CVE-2020-13584 8.8
TALOS-2020-1155 Webkit WebSocket code execution vulnerability 2020-11-30 CVE-2020-13543 8.8
TALOS-2020-1126 ProcessMaker sort parameter multiple SQL Injection Vulnerabilities 2020-11-17 CVE-2020-13525, CVE-2020-13526 6.4
TALOS-2020-1094 Pixar OpenUSD binary file format compressed sections code execution vulnerabilities 2020-11-12 CVE-2020-6147, CVE-2020-6148, CVE-2020-6149, CVE-2020-6150, CVE-2020-6156, CVE-2020-13493 8.8
TALOS-2020-1145 Pixar OpenUSD SDF layer path remote code execution 2020-11-12 CVE-2020-13531 8.8
TALOS-2020-1120 Pixar OpenUSD Binary File Format Decompressed Path Rebuilding Memory corruption 2020-11-12 CVE-2020-13520 8.8
TALOS-2020-1125 Pixar OpenUSD binary file format specs memory corruption 2020-11-12 CVE-2020-13524 6.3
TALOS-2020-1103 Pixar OpenUSD Binary File Format Token Strings Information Leak Vulnerability 2020-11-12 CVE-2020-13494 4.3
TALOS-2020-1105 Pixar OpenUSD binary file format index type values information leak vulnerability 2020-11-12 CVE-2020-13498,CVE-2020-13496,CVE-2020-13497 4.3
TALOS-2020-1101 Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities 2020-11-12 CVE-2020-6155 8.8
TALOS-2020-1104 Pixar OpenUSD binary file format offset seek information leak vulnerability 2020-11-12 CVE-2020-9973 4.3
TALOS-2020-1154 LogicalDoc installation privilege escalation vulnerability 2020-11-10 CVE-2020-13542 9.3
TALOS-2020-1032 BIMx Desktop Viewer Resource Parsing Integer Overflow Vulnerability 2020-11-06 CVE-2020-6099 8.8
TALOS-2020-1156 Adobe Acrobat Reader DC form field format use after free 2020-11-05 CVE-2020-24437 8.8
TALOS-2020-1157 Adobe Acrobat Reader DC JavaScript submitForm heap buffer overflow redux 2020-11-05 CVE-2020-24435 8.8
TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability 2020-11-03 CVE-2020-13537,CVE-2020-13536 9.3
TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability 2020-10-30 CVE-2020-27658 7.5
TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability 2020-10-29 CVE-2020-27651 8.3
TALOS-2020-1064 Synology QuickConnect servers network misconfiguration vulnerability 2020-10-29 -- 6.5
TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability 2020-10-29 CVE-2020-27653 8.3
TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability 2020-10-29 None 8.3
TALOS-2020-1066 Synology SRM QuickConnect iptables network misconfiguration vulnerability 2020-10-29 CVE-2020-27655 6.5
TALOS-2020-1065 Synology SRM lbd service Command Execution Vulnerability 2020-10-29 CVE-2020-27654, CVE-2020-11117 9.6
TALOS-2020-1071 Synology SRM dnsExit DDNS provider information disclosure vulnerability 2020-10-29 CVE-2020-27656-CVE-2020-27657 4.0
TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability 2020-10-29 CVE-2020-27649 8.3
TALOS-2020-1123 Google Chrome DrawElementsInstanced information leak vulnerability 2020-10-22 CVE-2020-6555 6.8
TALOS-2020-1127 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability 2020-10-20 CVE-2020-6542 8.3
TALOS-2020-1047 F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability 2020-10-14 CVE-2020-6105 8.2
TALOS-2020-1048 F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability 2020-10-14 CVE-2020-6106 4.4
TALOS-2020-1050 F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability 2020-10-14 CVE-2020-6108 8.2
TALOS-2020-1049 F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability 2020-10-14 CVE-2020-6107 4.4
TALOS-2020-1046 F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability 2020-10-14 CVE-2020-6104 4.4
TALOS-2020-1006 Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Logical Segment Denial of Service Vulnerability 2020-10-13 CVE-2020-6084, CVE-2020-6085 7.5
TALOS-2020-1005 Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability 2020-10-13 CVE-2020-6083 7.5
TALOS-2020-1102 AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability 2020-10-13 CVE-2020-12933 7.1
TALOS-2020-1007 Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability 2020-10-13 CVE-2020-6086, CVE-2020-6087 7.5
TALOS-2020-1057 Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability 2020-10-13 CVE-2020-6111 7.5
TALOS-2020-1119 AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability 2020-10-07 CVE-2020-12911 7.1
TALOS-2020-1124 Apple Safari/Webkit aboutBlankURL() code execution vulnerability 2020-09-30 CVE-2020-9951 8.8
TALOS-2020-1038 NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg DCL_CONSTANT_BUFFER code execution vulnerability 2020-09-30 CVE-2020-5981 8.5
TALOS-2020-1034 NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV_SAT code execution vulnerability 2020-09-30 CVE-2020-5981 8.5
TALOS-2020-1037 NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MUL code execution vulnerability 2020-09-30 CVE-2020-5981 8.5
TALOS-2020-1035 NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV code execution vulnerability 2020-09-30 CVE-2020-5981 8.5
TALOS-2020-1139 Microsoft Azure Sphere Pluton SIGN_WITH_TENANT_ATTESTATION_KEY memory corruption vulnerability 2020-09-23 None 9.3
TALOS-2020-1134 Microsoft Azure Sphere Normal World application PACKET_MMAP unsigned code execution vulnerability 2020-09-23 None 5.5
TALOS-2020-1129 Microsoft Azure Sphere Littlefs Quota denial of service vulnerability 2020-09-23 CVE-2020-16986 9.0
TALOS-2020-1106 Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities 2020-09-23 CVE-2020-13501,CVE-2020-13499,CVE-2020-13500 9.8
TALOS-2020-1130 Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability 2020-09-23 None 7.1
TALOS-2020-1068 Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability 2020-09-15 CVE-2020-6115 8.8
TALOS-2020-1063 Nitro Pro PDF Object Stream Parsing Number of Objects Remote Code Execution Vulnerability 2020-09-15 CVE-2020-6113 8.8
TALOS-2020-1062 Nitro Pro PDF JPEG2000 Stripe Sub-sample Decoding Out-of-bounds Write Code Execution Vulnerability 2020-09-15 CVE-2020-6112 8.8
TALOS-2020-1084 Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability 2020-09-15 CVE-2020-6146 8.8
TALOS-2020-1070 Nitro Pro Indexed ColorSpace Rendering Code Execution Vulnerability 2020-09-15 CVE-2020-6116 8.8
TALOS-2020-1092 Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability 2020-09-14 CVE-2020-6513 6.3
TALOS-2020-1098 Microsoft Windows 10 CLFS.sys ValidateRegionBlocks privilege escalation vulnerability 2020-09-08 CVE-2020-1115 8.8
TALOS-2020-1095 Accusoft ImageGear TIFF handle_COMPRESSION_PACKBITS memory corruption vulnerability 2020-09-01 CVE-2020-6151 8.1
TALOS-2020-1096 Accusoft ImageGear DICOM parse_dicom_meta_info code execution vulnerability 2020-09-01 CVE-2020-6152 9.8
TALOS-2020-1076 OS4Ed openSIS course_period_id parameter multiple SQL injection vulnerabilities 2020-08-31 CVE-2020-6129, CVE-2020-6130, CVE-2020-6131 6.4
TALOS-2020-1083 OS4Ed openSIS install remote code execution vulnerability 2020-08-31 CVE-2020-6143, CVE-2020-6144 10.0
TALOS-2020-1074 OS4Ed openSIS GetSchool.php SQL injection Vulnerability 2020-08-31 CVE-2020-6125 6.4
TALOS-2020-1079 OS4Ed openSIS DownloadWindow.php SQL injection vulnerability 2020-08-31 CVE-2020-6136 6.4
TALOS-2020-1080 OS4Ed openSIS Password Reset Multiple SQL injection vulnerabilities 2020-08-31 CVE-2020-6137, CVE-2020-6138, CVE-2020-6139, CVE-2020-6140 9.8
TALOS-2020-1077 OS4Ed openSIS id parameter multiple SQL injection vulnerabilities 2020-08-31 CVE-2020-6132, CVE-2020-6133, CVE-2020-6134 6.4
TALOS-2020-1078 OS4Ed openSIS Validator.php SQL injection vulnerability 2020-08-31 CVE-2020-6135 6.4
TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability 2020-08-31 CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122