Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23595 | 1 Google | 1 Tensorflow | 2022-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23593 | 1 Google | 1 Tensorflow | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. | |||||
| CVE-2022-23591 | 1 Google | 1 Tensorflow | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23581 | 1 Google | 1 Tensorflow | 2022-02-09 | 5.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23580 | 1 Google | 1 Tensorflow | 2022-02-09 | 5.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23579 | 1 Google | 1 Tensorflow | 2022-02-09 | 5.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-43841 | 1 Xwiki | 1 Xwiki | 2022-02-09 | 3.5 LOW | 5.4 MEDIUM |
| XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn't allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files. | |||||
| CVE-2021-42320 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2022-02-09 | 3.5 LOW | 5.7 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. | |||||
| CVE-2021-40696 | 2022-02-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-33833 | 2 Debian, Intel | 2 Debian Linux, Connection Manager | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). | |||||
| CVE-2021-30949 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-02-09 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-23157 | 1 We-con | 1 Levistudiou | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-3641 | 2 Bitdefender, Microsoft | 2 Gravityzone, Windows | 2022-02-09 | 3.6 LOW | 6.1 MEDIUM |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | |||||
| CVE-2021-22285 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2022-21371 | 1 Oracle | 1 Weblogic Server | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-9380 | 1 Open-emr | 1 Openemr | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||||
| CVE-2022-23379 | 1 Emlog | 1 Emlog | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | |||||
| CVE-2021-23138 | 1 We-con | 1 Levistudiou | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | |||||
| CVE-2022-23557 | 1 Google | 1 Tensorflow | 2022-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2021-29219 | 1 Hpe | 14 Flexnetwork 5130 Jg932a, Flexnetwork 5130 Jg932a Firmware, Flexnetwork 5130 Jg933a and 11 more | 2022-02-09 | 4.6 MEDIUM | 7.8 HIGH |
| A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. | |||||