VYPR

CVEs

101,963 total · page 1290 of 2,040

  • CVE-2021-22934HigAug 16, 2021
    risk 0.47cvss 7.2epss 0.05

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

  • CVE-2021-22932HigAug 16, 2021
    risk 0.49cvss 7.5epss 0.00

    An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously…

  • CVE-2021-38758HigAug 16, 2021
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.

  • CVE-2021-35392HigAug 16, 2021
    risk 0.55cvss 7.5epss 0.83

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present…

  • CVE-2021-33193HigAug 16, 2021
    risk 0.04cvss 7.5epss 0.46

    A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

  • CVE-2021-23422HigAug 16, 2021
    risk 0.44cvss 7.8epss 0.01

    This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.

  • CVE-2021-3708HigAug 16, 2021
    risk 0.53cvss 7.8epss 0.25

    D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.

  • CVE-2021-38712HigAug 16, 2021
    risk 0.49cvss 7.5epss 0.01

    OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.

  • CVE-2021-38711HigAug 16, 2021
    risk 0.00cvss 7.5epss 0.01

    In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.

  • CVE-2021-21815HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is…

  • CVE-2021-21814HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.00

    Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed…

  • CVE-2021-21813HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.00

    Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a…

  • CVE-2021-21812HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.00

    A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is…

  • CVE-2021-38623HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.

  • CVE-2021-36793HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.

  • CVE-2021-36792HigAug 13, 2021
    risk 0.47cvss 7.2epss 0.01

    The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.

  • CVE-2021-36786HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.

  • CVE-2020-18759HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.

  • CVE-2020-18757HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.

  • CVE-2020-18756HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.

  • CVE-2020-18754HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

  • CVE-2021-34398HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and…

  • CVE-2021-37349HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

  • CVE-2021-37348HigAug 13, 2021
    risk 0.49cvss 7.5epss 0.03

    Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.

  • CVE-2021-37347HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

  • CVE-2021-37345HigAug 13, 2021
    risk 0.51cvss 7.8epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

  • CVE-2021-37343HigAug 13, 2021
    risk 0.62cvss 8.8epss 0.24

    A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

  • CVE-2021-37695HigAug 13, 2021
    risk 0.41cvss 7.3epss 0.01

    ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could…

  • CVE-2021-38614HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.01

    Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2021-37679HigAug 12, 2021
    risk 0.39cvss 7.1epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output…

  • CVE-2021-37665HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the…

  • CVE-2021-37663HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap…

  • CVE-2021-37689HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of…

  • CVE-2021-37688HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/…

  • CVE-2021-37681HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/…

  • CVE-2021-37676HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten…

  • CVE-2021-37671HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso…

  • CVE-2021-37667HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de…

  • CVE-2021-37666HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4…

  • CVE-2021-37652HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The…

  • CVE-2021-37648HigAug 12, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow…

  • CVE-2020-22403HigAug 12, 2021
    risk 0.50cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.

  • CVE-2021-38366HigAug 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.

  • CVE-2021-37664HigAug 12, 2021
    risk 0.40cvss 7.3epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The…

  • CVE-2021-37662HigAug 12, 2021
    risk 0.39cvss 7.1epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in…

  • CVE-2021-37659HigAug 12, 2021
    risk 0.40cvss 7.3epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise…

  • CVE-2021-37658HigAug 12, 2021
    risk 0.39cvss 7.1epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/…

  • CVE-2021-37657HigAug 12, 2021
    risk 0.39cvss 7.1epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten…

  • CVE-2021-37656HigAug 12, 2021
    risk 0.39cvss 7.1epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2…

  • CVE-2021-37655HigAug 12, 2021
    risk 0.40cvss 7.3epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten…