CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-29194 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input a... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29426 Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-29427 Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-29428 Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | 4.1 | MEDIUM | — | 0 |
| CVE-2022-1298 The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even ... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-29430 Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | 4.7 | MEDIUM | — | 0 |
| CVE-2022-29431 Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-29432 Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-li... | 3.4 | LOW | — | 0 |
| CVE-2022-1803 Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | 6.9 | MEDIUM | — | 0 |
| CVE-2022-29193 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input argum... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-1320 The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attac... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-29195 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29196 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the inpu... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29197 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input a... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29198 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate t... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | MEDIUM | — | 0 |
| CVE-2022-29199 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arg... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29200 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input argumen... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29207 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided t... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-1775 Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29216 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to... | 7.8 | HIGH | — | 0 |
| CVE-2022-29201 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input argum... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29202 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. Th... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29203 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwri... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29205 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29666 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 7.2 | HIGH | — | 0 |
| CVE-2022-29206 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29208 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass ... | 7.1 | HIGH | — | 0 |
| CVE-2022-31258 In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 8.2 | HIGH | — | 0 |
| CVE-2022-29188 Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-29189 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-29190 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 co... | 7.5 | HIGH | — | 0 |
| CVE-2022-29209 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29210 TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a v... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29211 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-1809 Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | 7.8 | HIGH | — | 0 |
| CVE-2024-38307 Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. | 7.7 | HIGH | — | 0 |
| CVE-2022-29212 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when load... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29213 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation an... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-29214 NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-29215 RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server cr... | 7.5 | HIGH | — | 0 |
| CVE-2022-1813 OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29222 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-1752 Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | 8.0 | HIGH | — | 0 |
| CVE-2022-31259 The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in va... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31264 Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. | 7.5 | HIGH | — | 0 |
| CVE-2022-31267 Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31268 A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). | 7.5 | HIGH | — | 0 |
| CVE-2024-38310 Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 8.2 | HIGH | — | 0 |
| CVE-2021-41834 JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in ... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.