Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-37661 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negati... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37662 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBest... | 7.1 | HIGH | β | 0 |
| CVE-2021-37664 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal argu... | 7.3 | HIGH | β | 0 |
| CVE-2021-37700 @github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contai... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-38366 Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packa... | 8.8 | HIGH | β | 0 |
| CVE-2021-29377 Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/c... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31556 An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31698 Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31731 A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html par... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-37648 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null po... | 7.8 | HIGH | β | 0 |
| CVE-2021-37652 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an at... | 7.8 | HIGH | β | 0 |
| CVE-2021-37666 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensor... | 7.8 | HIGH | β | 0 |
| CVE-2021-37667 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncod... | 7.8 | HIGH | β | 0 |
| CVE-2021-37671 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `t... | 7.8 | HIGH | β | 0 |
| CVE-2021-37675 TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability wh... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37676 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEm... | 7.8 | HIGH | β | 0 |
| CVE-2021-37347 Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | 7.8 | HIGH | β | 0 |
| CVE-2021-37680 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://g... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37681 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/t... | 7.8 | HIGH | β | 0 |
| CVE-2021-37686 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinit... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37688 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a ... | 7.8 | HIGH | β | 0 |
| CVE-2021-37348 Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | 7.5 | HIGH | β | 0 |
| CVE-2021-37689 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a ... | 7.8 | HIGH | β | 0 |
| CVE-2021-37663 TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bind... | 7.8 | HIGH | β | 0 |
| CVE-2021-37665 TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beha... | 7.8 | HIGH | β | 0 |
| CVE-2021-37668 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by tr... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37669 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37670 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal argu... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37672 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal argu... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37673 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37674 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by m... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-23791 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-37677 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of serv... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37678 TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fro... | 9.3 | CRITICAL | β | 0 |
| CVE-2021-37679 TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Rag... | 7.1 | HIGH | β | 0 |
| CVE-2021-37682 TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://git... | 4.4 | MEDIUM | β | 0 |
| CVE-2021-37349 Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | 7.8 | HIGH | β | 0 |
| CVE-2021-37683 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorf... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37684 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for d... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37685 TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37687 TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-23793 Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. | 7.1 | HIGH | β | 0 |
| CVE-2021-37691 TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](htt... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37692 TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_T... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38602 PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-38603 PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-38614 Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the main... | 7.5 | HIGH | β | 0 |
| CVE-2021-37350 Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-23794 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.