Search
Total
163118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25661 | 2021-05-17 | N/A | N/A | ||
| SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a denial-of-service condition on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7β and 15β (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4βto 22β (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900, and KTP900F, SIMATIC WinCC Runtime Advanced (All versions prior to v16 Update 4). | |||||
| CVE-2021-31188 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31170. | |||||
| CVE-2021-31171 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-05-17 | 2.1 LOW | 4.4 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2021-31181 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2021-28474 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-29553 | 1 Google | 1 Tensorflow | 2021-05-17 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied `axis` attribute before using it to index in the array backing the `input` argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-26419 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2021-05-17 | 7.6 HIGH | 7.5 HIGH |
| Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-22673 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2021-05-17 | 6.0 MEDIUM | 8.0 HIGH |
| The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior). | |||||
| CVE-2021-29556 | 1 Google | 1 Tensorflow | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29558 | 1 Google | 1 Tensorflow | 2021-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0abfde8fa3f876e6d241681fbef8/tensorflow/core/util/sparse/sparse_tensor.h#L528-L530) accesses an array element based on a user controlled offset. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29560 | 1 Google | 1 Tensorflow | 2021-05-17 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when `parent_output_index` is shorter than `row_split`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-22675 | 1 Ti | 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more | 2021-05-17 | 6.5 MEDIUM | 7.2 HIGH |
| The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior). | |||||
| CVE-2021-29563 | 1 Google | 1 Tensorflow | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-31187 | 1 Microsoft | 1 Windows 10 | 2021-05-17 | 7.2 HIGH | 7.8 HIGH |
| Windows WalletService Elevation of Privilege Vulnerability | |||||
| CVE-2021-29566 | 1 Google | 1 Tensorflow | 2021-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to `tf.raw_ops.Dilation2DBackpropInput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for `h_out` and `w_out` are guaranteed to be in range for `out_backprop` (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating `h_in_max`/`w_in_max` and `in_backprop`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2017-10817 | 1 Intercom | 1 Malion | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | |||||
| CVE-2017-10816 | 1 Intercom | 1 Malion | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server. | |||||
| CVE-2021-30174 | 1 Ruiyanai | 1 Cloudiso | 2021-05-17 | 3.5 LOW | 5.4 MEDIUM |
| RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks. | |||||
| CVE-2021-31185 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| Windows Desktop Bridge Denial of Service Vulnerability | |||||
| CVE-2021-31184 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | |||||