This article is contributed. See the original author and article here.
| android — samsung |
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. |
2021-11-05 |
not yet calculated |
CVE-2021-25508
MISC |
| android — samsung |
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. |
2021-11-05 |
not yet calculated |
CVE-2021-25501
MISC |
| android — samsung |
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. |
2021-11-01 |
not yet calculated |
CVE-2021-25877
MISC
MISC
MISC |
| android — samsung |
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. |
2021-11-05 |
not yet calculated |
CVE-2021-25502
MISC |
| android — samsung |
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. |
2021-11-05 |
not yet calculated |
CVE-2021-25504
MISC |
android — samsung
|
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators’ session cookies or perform actions as an administrator. |
2021-11-01 |
not yet calculated |
CVE-2021-25876
MISC
MISC
MISC |
android — samsung
|
A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. |
2021-11-05 |
not yet calculated |
CVE-2021-26844
MISC
MISC |
android — samsung
|
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators’ session cookies or perform actions as an administrator. |
2021-11-01 |
not yet calculated |
CVE-2021-25878
MISC
MISC
MISC |
android — samsung
|
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. |
2021-11-05 |
not yet calculated |
CVE-2021-25500
MISC |
android — samsung
|
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. |
2021-11-05 |
not yet calculated |
CVE-2021-25503
MISC |
android — samsung
|
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. |
2021-11-05 |
not yet calculated |
CVE-2021-25505
MISC |
android — samsung
|
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. |
2021-11-05 |
not yet calculated |
CVE-2021-25506
MISC |
android — samsung
|
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. |
2021-11-05 |
not yet calculated |
CVE-2021-25507
MISC |
android — samsung
|
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. |
2021-11-05 |
not yet calculated |
CVE-2021-25509
MISC |
android — samsung
|
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. |
2021-11-01 |
not yet calculated |
CVE-2021-25874
MISC
MISC
MISC |
android — samsung
|
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators’ session cookies or perform actions as an administrator. |
2021-11-01 |
not yet calculated |
CVE-2021-25875
MISC
MISC
MISC |
ayacms — ayacms
|
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. |
2021-11-02 |
not yet calculated |
CVE-2020-23686
MISC |
| azeotech — daqfactory |
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account. |
2021-11-05 |
not yet calculated |
CVE-2021-42701
MISC |
azeotech — daqfactory
|
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. |
2021-11-05 |
not yet calculated |
CVE-2021-42543
MISC |
azeotech — daqfactory
|
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory. |
2021-11-05 |
not yet calculated |
CVE-2021-42698
MISC |
azeotech — daqfactory
|
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. |
2021-11-05 |
not yet calculated |
CVE-2021-42699
MISC |
bluez — bluez
|
An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. |
2021-11-04 |
not yet calculated |
CVE-2021-43400
MISC |
bookstack — bookstack
|
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
2021-11-05 |
not yet calculated |
CVE-2021-3916
CONFIRM
MISC |
cisco — asyncos
|
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. |
2021-11-04 |
not yet calculated |
CVE-2021-34741
CISCO |
cisco — multiple_products
|
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition. |
2021-11-04 |
not yet calculated |
CVE-2021-40127
CISCO |
cisco — policy_suite
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. |
2021-11-04 |
not yet calculated |
CVE-2021-40119
CISCO |
cisco — small_business_series_switches
|
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges. |
2021-11-04 |
not yet calculated |
CVE-2021-34739
CISCO |
couchbase — server
|
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the “@” user credentials of the node processing the UI request. |
2021-11-02 |
not yet calculated |
CVE-2021-42763
MISC
MISC |
couchbase — server
|
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it. |
2021-11-02 |
not yet calculated |
CVE-2021-37842
MISC
MISC |
crypto++ — crypto++
|
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. |
2021-11-04 |
not yet calculated |
CVE-2021-43398
MISC
MISC |
d-link — dir-823g_devices
|
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. |
2021-11-04 |
not yet calculated |
CVE-2020-25368
MISC
MISC
MISC |
fusionpbx — fusionpbx
|
An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). |
2021-11-05 |
not yet calculated |
CVE-2021-43406
MISC |
fusionpbx — fusionpbx
|
An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. |
2021-11-05 |
not yet calculated |
CVE-2021-43404
MISC |
fusionpbx — fusionpbx
|
An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). |
2021-11-05 |
not yet calculated |
CVE-2021-43405
MISC |
| gitlab — ce/ee |
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. |
2021-11-05 |
not yet calculated |
CVE-2021-39898
MISC
CONFIRM
MISC |
| gitlab — ce/ee |
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings. |
2021-11-04 |
not yet calculated |
CVE-2021-39903
MISC
CONFIRM
MISC |
| gitlab — ce/ee |
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf. |
2021-11-05 |
not yet calculated |
CVE-2021-39906
MISC
CONFIRM
MISC |
| gitlab — ce/ee |
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. |
2021-11-05 |
not yet calculated |
CVE-2021-39907
MISC
CONFIRM
MISC |
| gitlab — ce/ee |
An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers |
2021-11-05 |
not yet calculated |
CVE-2021-39911
MISC
CONFIRM |
| gitlab — ce/ee |
A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user |
2021-11-04 |
not yet calculated |
CVE-2021-39914
MISC
CONFIRM |
gitlab — ce/ee
|
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source. |
2021-11-05 |
not yet calculated |
CVE-2021-39895
MISC
CONFIRM
MISC |
gitlab — ce/ee
|
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred |
2021-11-05 |
not yet calculated |
CVE-2021-39897
MISC
CONFIRM
MISC |
gitlab — ce/ee
|
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. |
2021-11-05 |
not yet calculated |
CVE-2021-39901
MISC
CONFIRM
MISC |
gitlab — ce/ee
|
An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request |
2021-11-05 |
not yet calculated |
CVE-2021-39904
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. |
2021-11-05 |
not yet calculated |
CVE-2021-39912
CONFIRM
MISC
MISC |
gitlab — ce/ee
|
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges |
2021-11-05 |
not yet calculated |
CVE-2021-39913
CONFIRM
MISC |
gitlab — ce/ee
|
Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. |
2021-11-04 |
not yet calculated |
CVE-2021-39902
MISC
MISC
CONFIRM |
gitlab — ce/ee
|
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with |
2021-11-05 |
not yet calculated |
CVE-2021-39905
MISC
CONFIRM
MISC |
gitlab — ee/ee
|
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances |
2021-11-05 |
not yet calculated |
CVE-2021-39909
MISC
MISC
CONFIRM |
gnu_library — glibc
|
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious ” character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. |
2021-11-04 |
not yet calculated |
CVE-2021-43396
MISC |
graphiql — graphiql
|
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than graphiql@1.4.7 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a vulnerable schema in graphiql. There are a number of ways that can occur. By default, the schema URL is not attacker-controllable in graphiql or in its suggested implementations or examples, leaving only very complex attack vectors. If a custom implementation of graphiql’s fetcher allows the schema URL to be set dynamically, such as a URL query parameter like ?endpoint= in graphql-playground, or a database provided value, then this custom graphiql implementation is vulnerable to phishing attacks, and thus much more readily available, low or no privelege level xss attacks. The URLs could look like any generic looking graphql schema URL. It should be noted that desktop clients such as Altair, Insomnia, Postwoman, do not appear to be impacted by this. This vulnerability does not impact codemirror-graphql, monaco-graphql or other dependents, as it exists in onHasCompletion.ts in graphiql. It does impact all forks of graphiql, and every released version of graphiql. |
2021-11-04 |
not yet calculated |
CVE-2021-41248
MISC
CONFIRM
MISC |
graphiql — graphql_plyground
|
GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a malicious schema in graphql-playground. There are several ways this can occur, including by specifying the URL to a malicious schema in the endpoint query parameter. If a user clicks on a link to a GraphQL Playground installation that specifies a malicious server, arbitrary JavaScript can run in the user’s browser, which can be used to exfiltrate user credentials or other harmful goals. If you are using graphql-playground-react directly in your client app, upgrade to version 1.7.28 or later. |
2021-11-04 |
not yet calculated |
CVE-2021-41249
CONFIRM
MISC
MISC |
| grav — grav |
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
2021-11-05 |
not yet calculated |
CVE-2021-3924
CONFIRM
MISC |
hewlett_packard — pagewide_and_officejet
|
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. |
2021-11-03 |
not yet calculated |
CVE-2020-28416
MISC |
ibm — business_automation_workflo
|
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
2021-11-05 |
not yet calculated |
CVE-2021-29753
CONFIRM
XF |
insyde — insydeh2o
|
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges. |
2021-11-03 |
not yet calculated |
CVE-2020-5955
CONFIRM
MISC |
irfanview — irfanview
|
Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. |
2021-11-05 |
not yet calculated |
CVE-2020-23566
MISC |
irfanview — irfanview
|
Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to “Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea” |
2021-11-05 |
not yet calculated |
CVE-2020-23567
MISC |
irfanview — irfanview
|
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a “Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850”. |
2021-11-05 |
not yet calculated |
CVE-2020-23565
MISC |
jeedom — jeedom
|
In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. |
2021-11-01 |
not yet calculated |
CVE-2021-42557
MISC
MISC |
| jenkins — jenkins |
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21694
CONFIRM |
| jenkins — jenkins |
When creating temporary files, agent-to-controller access to create those files is only checked after they’ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21693
CONFIRM |
| jenkins — jenkins |
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21695
CONFIRM
MLIST |
| jenkins — jenkins |
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. |
2021-11-04 |
not yet calculated |
CVE-2021-21696
CONFIRM
MLIST |
jenkins — jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. |
2021-11-04 |
not yet calculated |
CVE-2021-21687
CONFIRM |
jenkins — jenkins
|
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check ‘read’ agent-to-controller access permission on the source path, instead of ‘delete’. |
2021-11-04 |
not yet calculated |
CVE-2021-21692
CONFIRM |
jenkins — jenkins
|
Creating symbolic links is possible without the ‘symlink’ agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21691
CONFIRM |
jenkins — jenkins
|
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. |
2021-11-04 |
not yet calculated |
CVE-2021-21698
CONFIRM
MLIST |
jenkins — jenkins
|
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. |
2021-11-04 |
not yet calculated |
CVE-2021-21686
CONFIRM |
jenkins — jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. |
2021-11-04 |
not yet calculated |
CVE-2021-21685
CONFIRM
MLIST |
jenkins — jenkins
|
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21689
CONFIRM |
jenkins — jenkins
|
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. |
2021-11-04 |
not yet calculated |
CVE-2021-21697
CONFIRM
MLIST |
jenkins — jenkins
|
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
2021-11-04 |
not yet calculated |
CVE-2021-21690
CONFIRM |
jupyterhub — jupyter_notebooks
|
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out. |
2021-11-04 |
not yet calculated |
CVE-2021-41247
CONFIRM
MISC |
linux — linux_kernel
|
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
2021-11-04 |
not yet calculated |
CVE-2021-43389
MISC
MISC
MISC
MISC
CONFIRM
MLIST |
meross — smart_wi-fi_2_way_wall_switch
|
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request. |
2021-11-05 |
not yet calculated |
CVE-2021-3774
CONFIRM |
miniftpd — miniftpd
|
A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. |
2021-11-04 |
not yet calculated |
CVE-2021-42624
MISC |
mozilla — firefox
|
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. |
2021-11-03 |
not yet calculated |
CVE-2021-35053
MISC |
nec — clusterpro
|
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. |
2021-11-03 |
not yet calculated |
CVE-2021-20703
MISC |
nec — clusterpro
|
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. |
2021-11-03 |
not yet calculated |
CVE-2021-20701
MISC |
nec — clusterpro
|
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. |
2021-11-03 |
not yet calculated |
CVE-2021-20702
MISC |
nec — clusterpro
|
Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network. |
2021-11-03 |
not yet calculated |
CVE-2021-20705
MISC |
nec — clusterpro
|
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. |
2021-11-03 |
not yet calculated |
CVE-2021-20704
MISC |
nec — clusterpro
|
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network.. |
2021-11-03 |
not yet calculated |
CVE-2021-20707
MISC |
nec — clusterpro
|
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network. |
2021-11-03 |
not yet calculated |
CVE-2021-20700
MISC |
nec — clusterpro
|
Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network. |
2021-11-03 |
not yet calculated |
CVE-2021-20706
MISC |
obsidian — dataview
|
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases. |
2021-11-04 |
not yet calculated |
CVE-2021-42057
MISC |
owasp — modsecurity_core_rule
|
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. |
2021-11-05 |
not yet calculated |
CVE-2021-35368
CONFIRM
MISC
CONFIRM
MISC |
phpgurukul — hospital_management_system
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. |
2021-11-05 |
not yet calculated |
CVE-2021-39411
MISC |
phpgurukul — shopping
|
Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php. |
2021-11-05 |
not yet calculated |
CVE-2021-39412
MISC |
pomerium — pomerium
|
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user’s claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated. |
2021-11-05 |
not yet calculated |
CVE-2021-41230
CONFIRM
MISC |
pybbcms — topicmapper
|
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. |
2021-11-01 |
not yet calculated |
CVE-2020-28702
MISC |
python — discord
|
Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0 |
2021-11-05 |
not yet calculated |
CVE-2021-41250
MISC
CONFIRM |
| realtek — rtsupx |
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
2021-11-02 |
not yet calculated |
CVE-2021-36923
MISC
MISC |
| realtek — rtsupx |
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. |
2021-11-02 |
not yet calculated |
CVE-2021-36924
MISC
MISC |
realtek — rtsupx
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
2021-11-02 |
not yet calculated |
CVE-2021-36922
MISC
MISC |
realtek — rtsupx
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
2021-11-02 |
not yet calculated |
CVE-2021-36925
MISC
MISC |
sap — business_technology_Platform
|
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default). |
2021-11-05 |
not yet calculated |
CVE-2021-41251
MISC
CONFIRM
MISC |
seo — panel
|
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. |
2021-11-05 |
not yet calculated |
CVE-2021-39413
MISC |
| seo — remote_clinic |
Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. |
2021-11-05 |
not yet calculated |
CVE-2021-39416
MISC
MISC
MISC |
sitecore — xp
|
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. |
2021-11-05 |
not yet calculated |
CVE-2021-42237
MISC
MISC
MISC |
sonatype — nexus_repository_manager
|
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. |
2021-11-02 |
not yet calculated |
CVE-2021-42568
MISC
MISC |
| sourcecodester — engineers_online_portal |
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing “<?php system($_GET[“cmd”]); ?>” the attacker can execute commands on the web server with – /admin/uploads/php-webshell?cmd=id. |
2021-11-05 |
not yet calculated |
CVE-2021-42669
MISC
MISC |
sourcecodester — engineers_online_portal
|
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. |
2021-11-05 |
not yet calculated |
CVE-2021-42664
MISC
MISC
MISC |
sourcecodester — engineers_online_portal
|
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. |
2021-11-05 |
not yet calculated |
CVE-2021-42665
MISC
MISC
MISC |
sourcecodester — engineers_online_portal
|
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. |
2021-11-05 |
not yet calculated |
CVE-2021-42666
MISC
MISC
MISC |
sourcecodester — engineers_online_portal
|
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server. |
2021-11-05 |
not yet calculated |
CVE-2021-42668
MISC
MISC |
sourcecodester — engineers_online_portal
|
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization. |
2021-11-05 |
not yet calculated |
CVE-2021-42671
MISC
MISC |
sourcecodester — engineers_online_portal
|
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. |
2021-11-05 |
not yet calculated |
CVE-2021-42670
MISC
MISC |
| sourcecodester — online_event_booking_and_reservation_system |
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server. |
2021-11-05 |
not yet calculated |
CVE-2021-42667
MISC
MISC |
sourcecodester — online_event_booking_and_reservation_system
|
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker’s choice. |
2021-11-05 |
not yet calculated |
CVE-2021-42663
MISC
MISC |
| stivasoft — fundraising_script |
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. |
2021-11-05 |
not yet calculated |
CVE-2020-22225
MISC |
stivasoft — fundraising_script
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. |
2021-11-05 |
not yet calculated |
CVE-2020-22226
MISC |
stivasoft — fundraising_script
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. |
2021-11-05 |
not yet calculated |
CVE-2020-22224
MISC |
stivasoft — fundraising_script
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. |
2021-11-05 |
not yet calculated |
CVE-2020-22222
MISC |
stivasoft — fundraising_script
|
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. |
2021-11-05 |
not yet calculated |
CVE-2020-22223
MISC |
talend — data_catalog
|
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed. |
2021-11-05 |
not yet calculated |
CVE-2021-42837
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41223
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41214
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41198
MISC
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41199
CONFIRM
MISC
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41200
MISC
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41202
CONFIRM
MISC
MISC
MISC
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41203
CONFIRM
MISC
MISC
MISC
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow’s Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41204
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don’t have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41206
MISC
MISC
MISC
MISC
CONFIRM
MISC
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41207
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41212
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41209
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41221
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow’s Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41225
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41226
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41227
CONFIRM
MISC
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41218
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow’s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41228
MISC
CONFIRM |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41222
CONFIRM
MISC |
| tensorflow — tensorflow |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41215
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow’s boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41208
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41195
CONFIRM
MISC
MISC
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow’s implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41196
MISC
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41197
CONFIRM
MISC
MISC
MISC
MISC
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in unitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41201
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. |
2021-11-05 |
not yet calculated |
CVE-2021-41220
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41219
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41205
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41217
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41224
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41210
MISC
CONFIRM |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. |
2021-11-05 |
not yet calculated |
CVE-2021-41211
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41216
CONFIRM
MISC |
tensorflow — tensorflow
|
TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. |
2021-11-05 |
not yet calculated |
CVE-2021-41213
MISC
CONFIRM |
| vim — vim |
vim is vulnerable to Stack-based Buffer Overflow |
2021-11-05 |
not yet calculated |
CVE-2021-3928
CONFIRM
MISC |
vim — vim
|
vim is vulnerable to Heap-based Buffer Overflow |
2021-11-05 |
not yet calculated |
CVE-2021-3927
CONFIRM
MISC |
worx — automation_suite
|
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. |
2021-11-04 |
not yet calculated |
CVE-2021-34597
CONFIRM |
wp — dsgvo_tools
|
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question. |
2021-11-05 |
not yet calculated |
CVE-2021-42359
MISC |
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments