Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-21784 3D Builder Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-35979 TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35981 TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, th... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35982 TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfa... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35983 TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial o... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35984 TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35985 TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of s... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35986 TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35987 TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different ... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35988 TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of servic... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35989 TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHE... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35990 TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHE... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36018 TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail th... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36019 TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be us... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36026 TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-37247 Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-37251 Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-37258 Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40068 Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. | 7.5 | HIGH | β | 0 |
| CVE-2022-37709 Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle atta... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-3217 When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a ... | 7.5 | HIGH | β | 0 |
| CVE-2022-40755 JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-40757 A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoki... | 7.5 | HIGH | β | 0 |
| CVE-2022-40758 A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking ... | 7.5 | HIGH | β | 0 |
| CVE-2022-40759 A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACC... | 7.5 | HIGH | β | 0 |
| CVE-2022-1580 The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keyword... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-40760 A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the... | 7.5 | HIGH | β | 0 |
| CVE-2022-40761 The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout,... | 7.5 | HIGH | β | 0 |
| CVE-2022-40762 A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the... | 7.5 | HIGH | β | 0 |
| CVE-2022-35991 TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can ... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36013 TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in Gi... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35992 TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of ser... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35993 TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of servi... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35994 TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. W... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35995 TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a den... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35996 TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero flo... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35997 TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of ser... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35998 TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a d... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-35999 TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dn... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36000 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36001 TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of servic... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36002 TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the iss... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36003 TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have pa... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36004 TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have pa... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36005 TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that c... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36011 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36012 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub co... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36014 TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e3... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36015 TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb8... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36016 TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail ins... | 5.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.