Total
10028 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | |||||
CVE-2021-25434 | 1 Linux | 1 Tizen | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. | |||||
CVE-2021-20764 | 1 Cybozu | 1 Garoon | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files. | |||||
CVE-2021-34295 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024) | |||||
CVE-2021-20761 | 1 Cybozu | 1 Garoon | 2024-02-04 | 3.5 LOW | 2.7 LOW |
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege. | |||||
CVE-2020-7862 | 1 Helpu | 4 Helpuftclient, Helpuftserver, Helpuserver and 1 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the agent program of the HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands. This vulnerability is due to insufficient input sanitization when communicating customer process. | |||||
CVE-2021-33199 | 1 Expressionengine | 1 Expressionengine | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | |||||
CVE-2019-11098 | 1 Tianocore | 1 Edk Ii | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | |||||
CVE-2020-7871 | 1 Cnesty | 1 Helpcom | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. | |||||
CVE-2021-37665 | 1 Google | 1 Tensorflow | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the `input` tensor. A similar issue occurs in `MklRequantizePerChannelOp`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. We have patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the GitHub commit 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix will be included in TensorFlow 2.6.0. We will also cherry-pick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
CVE-2021-33708 | 1 Kyma-project | 1 Kyma | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | |||||
CVE-2021-30917 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2021-30004 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |||||
CVE-2021-29770 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771. | |||||
CVE-2021-30589 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||||
CVE-2020-4981 | 1 Ibm | 1 Spectrum Scale | 2024-02-04 | 3.6 LOW | 6.0 MEDIUM |
IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541. | |||||
CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Brocade SANnav before v.2.1.0a could allow remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data as name for custom field name. | |||||
CVE-2021-31925 | 1 Pexip | 1 Pexip Infinity | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. | |||||
CVE-2021-27641 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated TIF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application. This is caused by Improper Input Validation. | |||||
CVE-2021-0481 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-172939189 |