| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22934 | Hig | 0.47 | 7.2 | 0.05 | Aug 16, 2021 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request. | ||
| CVE-2021-22932 | Hig | 0.49 | 7.5 | 0.00 | Aug 16, 2021 | An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously… | ||
| CVE-2021-38758 | Hig | 0.49 | 7.5 | 0.02 | Aug 16, 2021 | Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. | ||
| CVE-2021-35392 | Hig | 0.55 | 7.5 | 0.83 | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present… | ||
| CVE-2021-33193 | Hig | 0.04 | 7.5 | 0.46 | Aug 16, 2021 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | ||
| CVE-2021-23422 | — | Hig | 0.44 | 7.8 | 0.01 | Aug 16, 2021 | This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output. | |
| CVE-2021-3708 | Hig | 0.53 | 7.8 | 0.25 | Aug 16, 2021 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. | ||
| CVE-2021-38712 | Hig | 0.49 | 7.5 | 0.01 | Aug 16, 2021 | OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. | ||
| CVE-2021-38711 | Hig | 0.00 | 7.5 | 0.01 | Aug 16, 2021 | In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. | ||
| CVE-2021-21815 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2021 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is… | ||
| CVE-2021-21814 | — | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2021 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed… | |
| CVE-2021-21813 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2021 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a… | ||
| CVE-2021-21812 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2021 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is… | ||
| CVE-2021-38623 | — | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. | |
| CVE-2021-36793 | — | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. | |
| CVE-2021-36792 | Hig | 0.47 | 7.2 | 0.01 | Aug 13, 2021 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications. | ||
| CVE-2021-36786 | — | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. | |
| CVE-2020-18759 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100. | ||
| CVE-2020-18757 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet. | ||
| CVE-2020-18756 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area. | ||
| CVE-2020-18754 | Hig | 0.49 | 7.5 | 0.01 | Aug 13, 2021 | An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | ||
| CVE-2021-34398 | Hig | 0.51 | 7.8 | 0.00 | Aug 13, 2021 | NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and… | ||
| CVE-2021-37349 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | ||
| CVE-2021-37348 | Hig | 0.49 | 7.5 | 0.03 | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | ||
| CVE-2021-37347 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | ||
| CVE-2021-37345 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | ||
| CVE-2021-37343 | Hig | 0.62 | 8.8 | 0.24 | Aug 13, 2021 | A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | ||
| CVE-2021-37695 | Hig | 0.41 | 7.3 | 0.01 | Aug 13, 2021 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could… | ||
| CVE-2021-38614 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2021 | Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2021-37679 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output… | ||
| CVE-2021-37665 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the… | ||
| CVE-2021-37663 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap… | ||
| CVE-2021-37689 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of… | ||
| CVE-2021-37688 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/… | ||
| CVE-2021-37681 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/… | ||
| CVE-2021-37676 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten… | ||
| CVE-2021-37671 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso… | ||
| CVE-2021-37667 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de… | ||
| CVE-2021-37666 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4… | ||
| CVE-2021-37652 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The… | ||
| CVE-2021-37648 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow… | ||
| CVE-2020-22403 | — | Hig | 0.50 | 8.8 | 0.01 | Aug 12, 2021 | Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | |
| CVE-2021-38366 | Hig | 0.57 | 8.8 | 0.03 | Aug 12, 2021 | Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL. | ||
| CVE-2021-37664 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The… | ||
| CVE-2021-37662 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in… | ||
| CVE-2021-37659 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise… | ||
| CVE-2021-37658 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/… | ||
| CVE-2021-37657 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten… | ||
| CVE-2021-37656 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2… | ||
| CVE-2021-37655 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten… |
- risk 0.47cvss 7.2epss 0.05
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
- risk 0.49cvss 7.5epss 0.00
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously…
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.
- risk 0.55cvss 7.5epss 0.83
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present…
- risk 0.04cvss 7.5epss 0.46
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
- risk 0.44cvss 7.8epss 0.01
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
- risk 0.53cvss 7.8epss 0.25
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
- risk 0.49cvss 7.5epss 0.01
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
- risk 0.00cvss 7.5epss 0.01
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
- risk 0.51cvss 7.8epss 0.00
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is…
- risk 0.51cvss 7.8epss 0.00
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed…
- risk 0.51cvss 7.8epss 0.00
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a…
- risk 0.51cvss 7.8epss 0.00
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is…
- risk 0.49cvss 7.5epss 0.01
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
- risk 0.49cvss 7.5epss 0.01
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
- risk 0.47cvss 7.2epss 0.01
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
- risk 0.49cvss 7.5epss 0.01
The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
- risk 0.49cvss 7.5epss 0.01
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
- risk 0.49cvss 7.5epss 0.01
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
- risk 0.51cvss 7.8epss 0.00
NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and…
- risk 0.51cvss 7.8epss 0.01
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
- risk 0.49cvss 7.5epss 0.03
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
- risk 0.51cvss 7.8epss 0.01
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
- risk 0.51cvss 7.8epss 0.01
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
- risk 0.62cvss 8.8epss 0.24
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
- risk 0.41cvss 7.3epss 0.01
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could…
- risk 0.49cvss 7.5epss 0.01
Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow…
- risk 0.50cvss 8.8epss 0.01
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
- risk 0.57cvss 8.8epss 0.03
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The…
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in…
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise…
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/…
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten…
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2…
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten…