Total
10028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37673 | 1 Google | 1 Tensorflow | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the `key` input is a valid non-empty tensor. We have patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29433 | 1 Matrix | 1 Sydent | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist. | |||||
| CVE-2021-37586 | 1 Mitel | 1 Interaction Recording | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation. | |||||
| CVE-2021-21533 | 1 Dell | 1 Wyse Management Suite | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2021-21394 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-39186 | 1 Miraheze | 1 Globalnewfiles | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible. | |||||
| CVE-2021-3655 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. | |||||
| CVE-2021-32471 | 1 Mit | 1 Universal Turing Machine | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications." | |||||
| CVE-2018-1110 | 1 Nic | 1 Knot Resolver | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. | |||||
| CVE-2021-0070 | 1 Intel | 2 Efi Bios 7215, Server Board M10jnp2sb | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. | |||||
| CVE-2021-27388 | 1 Siemens | 6 Sinamics Sl150, Sinamics Sl150 Firmware, Sinamics Sm150 and 3 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). | |||||
| CVE-2021-27638 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-5321 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2024-02-04 | 5.5 MEDIUM | 7.6 HIGH |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges. | |||||
| CVE-2020-11261 | 1 Qualcomm | 798 Apq8009, Apq8009 Firmware, Apq8009w and 795 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-8700 | 2 Intel, Netapp | 546 Bios, Core I3-l13g4, Core I5-l16g7 and 543 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23906 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-02-04 | 2.1 LOW | 6.8 MEDIUM |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-0418 | 1 Google | 1 Android | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706. | |||||
| CVE-2021-35041 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 | |||||
| CVE-2021-1524 | 1 Cisco | 1 Meeting Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. | |||||