Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-36926 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-36927 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-36932 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2020-20990 A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36933 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-36937 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-36938 Windows Cryptographic Primitives Library Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
| CVE-2021-36940 Microsoft SharePoint Server Spoofing Vulnerability | 7.6 | HIGH | β | 0 |
| CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36947 Windows Print Spooler Remote Code Execution Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-36949 Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | 7.1 | HIGH | β | 0 |
| CVE-2021-36950 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36982 AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parame... | 8.1 | HIGH | β | 0 |
| CVE-2020-22403 Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | 8.8 | HIGH | β | 0 |
| CVE-2021-37636 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implemen... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37640 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception.... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37642 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implement... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37653 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implemen... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-36363 Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37660 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that w... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-18458 Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | 8.0 | HIGH | β | 0 |
| CVE-2020-18460 Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | 8.8 | HIGH | β | 0 |
| CVE-2020-18462 File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | 7.2 | HIGH | β | 0 |
| CVE-2020-18463 Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. | 2.4 | LOW | β | 0 |
| CVE-2020-18464 Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. | 3.5 | LOW | β | 0 |
| CVE-2021-37637 TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. T... | 7.7 | HIGH | β | 0 |
| CVE-2021-28121 Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37638 TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference... | 7.7 | HIGH | β | 0 |
| CVE-2021-37639 TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poin... | 8.4 | HIGH | β | 0 |
| CVE-2021-37643 TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefere... | 7.7 | HIGH | β | 0 |
| CVE-2021-37647 TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation ... | 7.7 | HIGH | β | 0 |
| CVE-2021-28890 J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37649 TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://githu... | 7.7 | HIGH | β | 0 |
| CVE-2021-37704 PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-33056 Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. | 7.5 | HIGH | β | 0 |
| CVE-2021-33199 In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37599 The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37635 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of he... | 7.3 | HIGH | β | 0 |
| CVE-2021-37641 TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read ... | 7.3 | HIGH | β | 0 |
| CVE-2021-37644 TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the ru... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37645 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue ca... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37650 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tri... | 7.8 | HIGH | β | 0 |
| CVE-2021-37651 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of boun... | 7.1 | HIGH | β | 0 |
| CVE-2021-37654 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceG... | 7.3 | HIGH | β | 0 |
| CVE-2021-37655 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to... | 7.3 | HIGH | β | 0 |
| CVE-2021-37656 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensor... | 7.1 | HIGH | β | 0 |
| CVE-2021-37657 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `... | 7.1 | HIGH | β | 0 |
| CVE-2021-37658 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `... | 7.1 | HIGH | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.