Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25661 2021-05-17 N/A N/A
SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a denial-of-service condition on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4’to 22’ (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900, and KTP900F, SIMATIC WinCC Runtime Advanced (All versions prior to v16 Update 4).
CVE-2021-31188 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-05-17 2.1 LOW 5.5 MEDIUM
Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31170.
CVE-2021-31171 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2021-05-17 2.1 LOW 4.4 MEDIUM
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-31181 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2021-05-17 6.5 MEDIUM 8.8 HIGH
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-28474 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2021-05-17 6.5 MEDIUM 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-29553 1 Google 1 Tensorflow 2021-05-17 3.6 LOW 7.1 HIGH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied `axis` attribute before using it to index in the array backing the `input` argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-26419 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2021-05-17 7.6 HIGH 7.5 HIGH
Scripting Engine Memory Corruption Vulnerability
CVE-2021-22673 1 Ti 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more 2021-05-17 6.0 MEDIUM 8.0 HIGH
The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
CVE-2021-29556 1 Google 1 Tensorflow 2021-05-17 2.1 LOW 5.5 MEDIUM
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-29558 1 Google 1 Tensorflow 2021-05-17 4.6 MEDIUM 7.8 HIGH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0abfde8fa3f876e6d241681fbef8/tensorflow/core/util/sparse/sparse_tensor.h#L528-L530) accesses an array element based on a user controlled offset. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-29560 1 Google 1 Tensorflow 2021-05-17 3.6 LOW 7.1 HIGH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when `parent_output_index` is shorter than `row_split`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-22675 1 Ti 7 Cc3100 Software Development Kit, Cc3200 Software Development Kit, Simplelink Cc13x0 Software Development Kit and 4 more 2021-05-17 6.5 MEDIUM 7.2 HIGH
The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK versions prior to v4.40.00, CC3200 SDK v1.5.0 and prior, CC3100 SDK v1.3.0 and prior).
CVE-2021-29563 1 Google 1 Tensorflow 2021-05-17 2.1 LOW 5.5 MEDIUM
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-31187 1 Microsoft 1 Windows 10 2021-05-17 7.2 HIGH 7.8 HIGH
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-29566 1 Google 1 Tensorflow 2021-05-17 4.6 MEDIUM 7.8 HIGH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to `tf.raw_ops.Dilation2DBackpropInput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for `h_out` and `w_out` are guaranteed to be in range for `out_backprop` (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating `h_in_max`/`w_in_max` and `in_backprop`. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2017-10817 1 Intercom 1 Malion 2021-05-17 7.5 HIGH 9.8 CRITICAL
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.
CVE-2017-10816 1 Intercom 1 Malion 2021-05-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.
CVE-2021-30174 1 Ruiyanai 1 Cloudiso 2021-05-17 3.5 LOW 5.4 MEDIUM
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
CVE-2021-31185 1 Microsoft 2 Windows 10, Windows Server 2016 2021-05-17 2.1 LOW 5.5 MEDIUM
Windows Desktop Bridge Denial of Service Vulnerability
CVE-2021-31184 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-05-17 2.1 LOW 5.5 MEDIUM
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability