VYPR
Vendor

Talos Intelligence

Products: 6
CVEs: 16
Across products: 16
Status: Private

Recent CVEs: 16
  • CVE-2020-28636 | Critical | Mar 4, 2021
    risk 0.64 | cvss 9.8 | epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An OOB read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin(). An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2020-28601 | Critical | Mar 4, 2021
    risk 0.64 | cvss 9.8 | epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An OOB read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this…

  • CVE-2021-21874 | Critical | Dec 22, 2021
    risk 0.59 | cvss 9.1 | epss 0.03

    A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2020-28634 | High | Apr 18, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious…

  • CVE-2020-28616 | High | Apr 18, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious…

  • CVE-2020-28612 | High | Apr 18, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious…

  • CVE-2020-28605 | High | Apr 18, 2022
    risk 0.57 | cvss 8.8 | epss 0.02

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious…

  • CVE-2021-21936 | High | Dec 22, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.

  • CVE-2021-21898 | High | Nov 19, 2021
    risk 0.57 | cvss 8.8 | epss 0.03

    A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2020-35635 | High | Aug 30, 2021
    risk 0.57 | cvss 8.8 | epss 0.02

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and…

  • CVE-2022-43597 | High | Dec 22, 2022
    risk 0.53 | cvss 8.1 | epss 0.02

    Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these…

  • CVE-2021-21813 | High | Aug 13, 2021
    risk 0.51 | cvss 7.8 | epss 0.00

    Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a statically sized buffer without any length checks resulting in a…

  • CVE-2021-21934 | Medium | Dec 22, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.

  • CVE-2021-21931 | Medium | Dec 22, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

  • CVE-2021-21926 | Medium | Dec 22, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter.

  • CVE-2021-21908 | Medium | Dec 22, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply…