| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37654 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API… | ||
| CVE-2021-37651 | Hig | 0.39 | 7.1 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow… | ||
| CVE-2021-37650 | Hig | 0.44 | 7.8 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The… | ||
| CVE-2021-37641 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The… | ||
| CVE-2021-37635 | Hig | 0.40 | 7.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow… | ||
| CVE-2021-33056 | Hig | 0.00 | 7.5 | 0.01 | Aug 12, 2021 | Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | ||
| CVE-2021-37649 | Hig | 0.43 | 7.7 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor… | ||
| CVE-2021-37647 | Hig | 0.43 | 7.7 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The… | ||
| CVE-2021-37643 | Hig | 0.43 | 7.7 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after… | ||
| CVE-2021-37639 | Hig | 0.48 | 8.4 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap… | ||
| CVE-2021-37638 | Hig | 0.43 | 7.7 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens… | ||
| CVE-2021-37637 | Hig | 0.43 | 7.7 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69… | ||
| CVE-2020-18462 | Hig | 0.47 | 7.2 | 0.01 | Aug 12, 2021 | File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | ||
| CVE-2020-18460 | — | Hig | 0.57 | 8.8 | 0.00 | Aug 12, 2021 | Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | |
| CVE-2020-18458 | Hig | 0.52 | 8.0 | 0.00 | Aug 12, 2021 | Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | ||
| CVE-2021-36982 | Hig | 0.53 | 8.1 | 0.02 | Aug 12, 2021 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request. | ||
| CVE-2021-36958 | Hig | 0.53 | 7.8 | 0.32 | Aug 12, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… | ||
| CVE-2021-36949 | Hig | 0.46 | 7.1 | 0.01 | Aug 12, 2021 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | ||
| CVE-2021-36948 | Hig | 0.64 | 7.8 | 0.20 | KEV | Aug 12, 2021 | Windows Update Medic Service Elevation of Privilege Vulnerability | |
| CVE-2021-36947 | Hig | 0.58 | 8.8 | 0.07 | Aug 12, 2021 | Windows Print Spooler Remote Code Execution Vulnerability | ||
| CVE-2021-36945 | Hig | 0.48 | 7.3 | 0.02 | Aug 12, 2021 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | ||
| CVE-2021-36942 | Hig | 0.75 | 7.5 | 0.66 | KEV | Aug 12, 2021 | Windows LSA Spoofing Vulnerability | |
| CVE-2021-36941 | Hig | 0.51 | 7.8 | 0.02 | Aug 12, 2021 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2021-36940 | Hig | 0.50 | 7.6 | 0.04 | Aug 12, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-36937 | Hig | 0.51 | 7.8 | 0.02 | Aug 12, 2021 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | ||
| CVE-2021-36936 | Hig | 0.58 | 8.8 | 0.07 | Aug 12, 2021 | Windows Print Spooler Remote Code Execution Vulnerability | ||
| CVE-2021-36933 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | ||
| CVE-2021-36932 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | ||
| CVE-2021-36927 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | ||
| CVE-2021-36926 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | ||
| CVE-2021-36921 | Hig | 0.57 | 8.8 | 0.01 | Aug 12, 2021 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request. | ||
| CVE-2021-34537 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-34536 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2021 | Storage Spaces Controller Elevation of Privilege Vulnerability | ||
| CVE-2021-34535 | Hig | 0.59 | 8.8 | 0.18 | Aug 12, 2021 | Remote Desktop Client Remote Code Execution Vulnerability | ||
| CVE-2021-34533 | Hig | 0.51 | 7.8 | 0.02 | Aug 12, 2021 | Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | ||
| CVE-2021-34530 | Hig | 0.51 | 7.8 | 0.02 | Aug 12, 2021 | Windows Graphics Component Remote Code Execution Vulnerability | ||
| CVE-2021-34524 | Hig | 0.53 | 8.1 | 0.03 | Aug 12, 2021 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | ||
| CVE-2021-34487 | Hig | 0.46 | 7.0 | 0.01 | Aug 12, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-34486 | Hig | 0.63 | 7.8 | 0.07 | KEV | Aug 12, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | |
| CVE-2021-34484 | Hig | 0.64 | 7.8 | 0.14 | KEV | Aug 12, 2021 | Windows User Profile Service Elevation of Privilege Vulnerability | |
| CVE-2021-34483 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2021 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2021-34478 | Hig | 0.55 | 7.8 | 0.54 | Aug 12, 2021 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2021-34471 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | Microsoft Windows Defender Elevation of Privilege Vulnerability | ||
| CVE-2021-33762 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2021 | Azure CycleCloud Elevation of Privilege Vulnerability | ||
| CVE-2021-26433 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | ||
| CVE-2021-26431 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2021 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||
| CVE-2021-26429 | Hig | 0.50 | 7.7 | 0.00 | Aug 12, 2021 | Azure Sphere Elevation of Privilege Vulnerability | ||
| CVE-2021-26426 | Hig | 0.46 | 7.0 | 0.01 | Aug 12, 2021 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | ||
| CVE-2021-26425 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-26423 | Hig | 0.49 | 7.5 | 0.04 | Aug 12, 2021 | .NET Core and Visual Studio Denial of Service Vulnerability |
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API…
- risk 0.39cvss 7.1epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow…
- risk 0.44cvss 7.8epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The…
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The…
- risk 0.40cvss 7.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow…
- risk 0.00cvss 7.5epss 0.01
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message.
- risk 0.43cvss 7.7epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor…
- risk 0.43cvss 7.7epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The…
- risk 0.43cvss 7.7epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after…
- risk 0.48cvss 8.4epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap…
- risk 0.43cvss 7.7epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens…
- risk 0.43cvss 7.7epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69…
- risk 0.47cvss 7.2epss 0.01
File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.
- risk 0.57cvss 8.8epss 0.00
Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
- risk 0.52cvss 8.0epss 0.00
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
- risk 0.53cvss 8.1epss 0.02
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
- risk 0.53cvss 7.8epss 0.32
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…
- risk 0.46cvss 7.1epss 0.01
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
- risk 0.64cvss 7.8epss 0.20
Windows Update Medic Service Elevation of Privilege Vulnerability
- risk 0.58cvss 8.8epss 0.07
Windows Print Spooler Remote Code Execution Vulnerability
- risk 0.48cvss 7.3epss 0.02
Windows 10 Update Assistant Elevation of Privilege Vulnerability
- risk 0.75cvss 7.5epss 0.66
Windows LSA Spoofing Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Word Remote Code Execution Vulnerability
- risk 0.50cvss 7.6epss 0.04
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
- risk 0.58cvss 8.8epss 0.07
Windows Print Spooler Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.03
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
- risk 0.49cvss 7.5epss 0.03
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.03
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
- risk 0.57cvss 8.8epss 0.01
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request.
- risk 0.51cvss 7.8epss 0.00
Windows Bluetooth Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Storage Spaces Controller Elevation of Privilege Vulnerability
- risk 0.59cvss 8.8epss 0.18
Remote Desktop Client Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Graphics Component Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.03
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.63cvss 7.8epss 0.07
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.64cvss 7.8epss 0.14
Windows User Profile Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.55cvss 7.8epss 0.54
Microsoft Office Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.00
Microsoft Windows Defender Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.00
Azure CycleCloud Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.03
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.00
Azure Sphere Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows User Account Profile Picture Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.04
.NET Core and Visual Studio Denial of Service Vulnerability