CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-35995 TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fail that can be used to trigger a den... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-35996 TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero flo... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-35997 TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of ser... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-35998 TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a d... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-35999 TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dn... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36000 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36001 TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of servic... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36002 TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the iss... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36003 TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have pa... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36004 TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have pa... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36005 TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that c... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36011 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36012 TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub co... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36014 TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e3... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36015 TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb8... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36016 TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail ins... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-36017 TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-40766 Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36027 TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We hav... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-39211 Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcl... | 3.0 | LOW | — | 0 |
| CVE-2022-39210 Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal fi... | 3.2 | LOW | — | 0 |
| CVE-2022-39212 Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-40778 A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-39217 some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a... | 5.8 | MEDIUM | — | 0 |
| CVE-2022-3173 Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-3231 Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-39960 The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a gr... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-3232 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | 7.8 | HIGH | — | 0 |
| CVE-2022-40768 drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25873 The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component. | 4.6 | MEDIUM | — | 0 |
| CVE-2022-40769 profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in... | 7.5 | HIGH | — | 0 |
| CVE-2022-40774 An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-40775 An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490. | 7.8 | HIGH | — | 0 |
| CVE-2022-2567 The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-2710 The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-2753 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attac... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2840 The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2958 The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections | 8.8 | HIGH | — | 0 |
| CVE-2022-38341 Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | 7.1 | HIGH | — | 0 |
| CVE-2022-38880 The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3021 The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-3036 The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-3141 The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters,... | 8.8 | HIGH | — | 0 |
| CVE-2022-3142 The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is p... | 8.8 | HIGH | — | 0 |
| CVE-2022-40067 Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. | 7.5 | HIGH | — | 0 |
| CVE-2022-40070 Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. | 7.5 | HIGH | — | 0 |
| CVE-2022-40071 Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.