CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-29821 IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al... | 5.4 | MEDIUM | - | 0 |
| CVE-2021-29856 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685. | 6.5 | MEDIUM | - | 0 |
| CVE-2021-38899 IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575. | 4.4 | MEDIUM | - | 0 |
| CVE-2021-41011 LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a se... | 7.5 | HIGH | - | 0 |
| CVE-2021-32838 Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This... | 7.5 | HIGH | - | 0 |
| CVE-2020-19915 Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 6.1 | MEDIUM | - | 0 |
| CVE-2020-16630 TI's BLE stack caches and reuses the LTK's property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key cr... | 6.8 | MEDIUM | - | 0 |
| CVE-2020-26301 ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead... | 7.5 | HIGH | - | 0 |
| CVE-2021-39325 The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows a... | 6.1 | MEDIUM | - | 0 |
| CVE-2021-41199 TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-fail... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41200 TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41201 TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*outp... | 7.8 | HIGH | - | 0 |
| CVE-2021-41210 TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated arra... | 7.1 | HIGH | - | 0 |
| CVE-2020-22226 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | 9.8 | CRITICAL | - | 0 |
| CVE-2021-41203 TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change sa... | 7.8 | HIGH | - | 0 |
| CVE-2021-41204 TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This resul... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41205 TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap... | 7.1 | HIGH | - | 0 |
| CVE-2021-41211 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whe... | 7.1 | HIGH | - | 0 |
| CVE-2023-41857 Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Click To Tweet: from n/a through 2.0.1... | 5.4 | MEDIUM | - | 0 |
| CVE-2021-41212 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix wi... | 7.1 | HIGH | - | 0 |
| CVE-2021-41214 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The f... | 7.8 | HIGH | - | 0 |
| CVE-2021-41215 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape infe... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41217 TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when no... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-43201 In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. | 5.3 | MEDIUM | - | 0 |
| CVE-2021-41219 TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. Thi... | 7.8 | HIGH | - | 0 |
| CVE-2021-41223 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFl... | 7.1 | HIGH | - | 0 |
| CVE-2021-41224 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of ... | 7.1 | HIGH | - | 0 |
| CVE-2021-41226 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation betwee... | 7.1 | HIGH | - | 0 |
| CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, "admin-dismiss-unsubscribe", which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the pos... | 7.5 | HIGH | - | 0 |
| CVE-2021-41202 TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 ... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41206 TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depen... | 7.0 | HIGH | - | 0 |
| CVE-2021-41207 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be in... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-28022 Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. | 7.5 | HIGH | - | 0 |
| CVE-2021-41208 TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of serv... | 8.8 | HIGH | - | 0 |
| CVE-2021-41209 TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix ... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41218 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` ... | 5.5 | MEDIUM | - | 0 |
| CVE-2020-22222 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. | 6.1 | MEDIUM | - | 0 |
| CVE-2020-22223 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. | 9.8 | CRITICAL | - | 0 |
| CVE-2020-22224 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. | 6.1 | MEDIUM | - | 0 |
| CVE-2023-41862 Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0. | 5.3 | MEDIUM | - | 0 |
| CVE-2021-41213 TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutuall... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41216 TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` conta... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41220 TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to th... | 7.8 | HIGH | - | 0 |
| CVE-2021-41221 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a ... | 7.8 | HIGH | - | 0 |
| CVE-2021-41222 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever ... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41225 TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of uninitialized variable. If the `train_nodes` vector (obtained from the saved... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-41227 TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the... | 6.6 | MEDIUM | - | 0 |
| CVE-2021-41228 TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This... | 7.5 | HIGH | - | 0 |
| CVE-2021-24708 The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perf... | 4.8 | MEDIUM | - | 0 |
| CVE-2021-41230 Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_cla... | 5.3 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.