Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26563 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2022-04-26 | 4.6 MEDIUM | 6.7 MEDIUM |
| Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2022-26901 | 1 Microsoft | 6 365 Apps, Excel, Excel Rt and 3 more | 2022-04-26 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. | |||||
| CVE-2021-21143 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | |||||
| CVE-2022-26898 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability. | |||||
| CVE-2021-26561 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2022-04-26 | 6.8 MEDIUM | 8.1 HIGH |
| Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | |||||
| CVE-2022-26897 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26896. | |||||
| CVE-2022-26896 | 1 Microsoft | 1 Azure Site Recovery | 2022-04-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Azure Site Recovery Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26897. | |||||
| CVE-2022-26831 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Windows LDAP Denial of Service Vulnerability. | |||||
| CVE-2022-20722 | 1 Cisco | 2 Ios Xe, Ir510 Operating System | 2022-04-25 | 6.8 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20761 | 1 Cisco | 1 Ios | 2022-04-25 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. | |||||
| CVE-2021-32434 | 3 Abcm2ps Project, Debian, Fedoraproject | 3 Abcm2ps, Debian Linux, Fedora | 2022-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. | |||||
| CVE-2021-3700 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2022-04-25 | 4.4 MEDIUM | 6.4 MEDIUM |
| A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | |||||
| CVE-2020-12279 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. | |||||
| CVE-2021-32436 | 3 Abcm2ps Project, Debian, Fedoraproject | 3 Abcm2ps, Debian Linux, Fedora | 2022-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2020-12278 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. | |||||
| CVE-2018-8099 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2022-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. | |||||
| CVE-2021-32435 | 3 Abcm2ps Project, Debian, Fedoraproject | 3 Abcm2ps, Debian Linux, Fedora | 2022-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2021-31875 | 1 Cesanta | 1 Mongooseos Mjs | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. | |||||
| CVE-2021-29934 | 1 Uu Od Project | 1 Uu Od | 2022-04-25 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. | |||||
| CVE-2021-27271 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. | |||||
| CVE-2021-27242 | 1 Parallels | 1 Parallels Desktop | 2022-04-25 | 4.6 MEDIUM | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. | |||||
| CVE-2021-3404 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | |||||
| CVE-2021-3403 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | |||||
| CVE-2021-28280 | 1 Php-fusion | 1 Phpfusion | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | |||||
| CVE-2021-26951 | 1 Calamine Project | 1 Calamine | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get. | |||||
| CVE-2021-3185 | 1 Freedesktop | 1 Gst-plugins-bad | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. | |||||
| CVE-2021-28170 | 3 Eclipse, Oracle, Quarkus | 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more | 2022-04-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | |||||
| CVE-2021-25215 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | |||||
| CVE-2021-25214 | 5 Debian, Fedoraproject, Isc and 2 more | 24 Debian Linux, Fedora, Bind and 21 more | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | |||||
| CVE-2021-27653 | 1 Pega | 1 Infinity | 2022-04-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | |||||
| CVE-2021-29210 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-29209 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2021-29208 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2022-04-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | |||||
| CVE-2020-35205 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-35204 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-35203 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-29503 | 1 Hedgedoc | 1 Hedgedoc | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend rendering the script tag as part of the `<head>` section. Unless your instance prevents guests from editing notes, this vulnerability allows unauthenticated attackers to inject JavaScript into notes that allow guest edits. If your instance prevents guests from editing notes, this vulnerability allows authenticated attackers to inject JavaScript into any note pages they have write-access to. This vulnerability is patched in version 1.8.2. As a workaround, one can disable guest edits until the next update. | |||||
| CVE-2021-29614 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded version(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc) is buggy due to a confusion about pointer arithmetic rules. First, the code computes(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L61) the width of each output element by dividing the `fixed_length` value to the size of the type argument. The `fixed_length` argument is also used to determine the size needed for the output tensor(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L63-L79). This is followed by reencoding code(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L85-L94). The erroneous code is the last line above: it is moving the `out_data` pointer by `fixed_length * sizeof(T)` bytes whereas it only copied at most `fixed_length` bytes from the input. This results in parts of the input not being decoded into the output. Furthermore, because the pointer advance is far wider than desired, this quickly leads to writing to outside the bounds of the backing data. This OOB write leads to interpreter crash in the reproducer mentioned here, but more severe attacks can be mounted too, given that this gadget allows writing to periodically placed locations in memory. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29591 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be replaced by stack overflow due to too many recursive calls. For example, the `While` implementation(https://github.com/tensorflow/tensorflow/blob/106d8f4fb89335a2c52d7c895b7a7485465ca8d9/tensorflow/lite/kernels/while.cc) could be tricked into a scneario where both the body and the loop subgraphs are the same. Evaluating one of the subgraphs means calling the `Eval` function for the other and this quickly exhaust all stack space. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. Please consult our security guide(https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. | |||||
| CVE-2021-29583 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The implementation(https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc) fails to validate that `scale`, `offset`, `mean` and `variance` (the last two only when required) all have the same number of elements as the number of channels of `x`. This results in heap out of bounds reads when the buffers backing these tensors are indexed past their boundary. If the tensors are empty, the validation mentioned in the above paragraph would also trigger and prevent the undefined behavior. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29576 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L694-L696) does not check that the initialization of `Pool3dParameters` completes successfully. Since the constructor(https://github.com/tensorflow/tensorflow/blob/596c05a159b6fbb9e39ca10b3f7753b7244fa1e9/tensorflow/core/kernels/pooling_ops_3d.cc#L48-L88) uses `OP_REQUIRES` to validate conditions, the first assertion that fails interrupts the initialization of `params`, making it contain invalid data. In turn, this might cause a heap buffer overflow, depending on default initialized values. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-39134 | 3 Npmjs, Oracle, Siemens | 4 Arborist, Npm, Graalvm and 1 more | 2022-04-25 | 4.4 MEDIUM | 7.8 HIGH |
| `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. | |||||
| CVE-2021-29560 | 1 Google | 1 Tensorflow | 2022-04-25 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when `parent_output_index` is shorter than `row_split`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29542 | 1 Google | 1 Tensorflow | 2022-04-25 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1cdd4da14282210cc759e468d9781741ac7d01bf/tensorflow/core/kernels/string_ngrams_op.cc#L171-L185) fails to consider corner cases where input would be split in such a way that the generated tokens should only contain padding elements. If input is such that `num_tokens` is 0, then, for `data_start_index=0` (when left padding is present), the marked line would result in reading `data[-1]`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29520 | 1 Google | 1 Tensorflow | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/4814fafb0ca6b5ab58a09411523b2193fed23fed/tensorflow/core/kernels/conv_grad_shape_utils.cc#L94-L153) assumes that the `input`, `filter_sizes` and `out_backprop` tensors have the same shape, as they are accessed in parallel. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-32613 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | |||||
| CVE-2021-27397 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287) | |||||
| CVE-2021-29493 | 1 Kennnyshiwa-cogs Project | 1 Kennnyshiwa-cogs | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable. | |||||
| CVE-2021-3689 | 1 Yiiframework | 1 Yii | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | |||||
| CVE-2021-32809 | 3 Ckeditor, Fedoraproject, Oracle | 10 Ckeditor, Fedora, Application Express and 7 more | 2022-04-25 | 3.5 LOW | 5.4 MEDIUM |
| ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. | |||||