Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-42671 An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to ... | 7.5 | HIGH | — | 0 |
| CVE-2021-39411 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and t... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-39412 Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-3916 bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow | 7.8 | HIGH | — | 0 |
| CVE-2021-3928 vim is vulnerable to Use of Uninitialized Variable | 7.8 | HIGH | — | 0 |
| CVE-2021-39413 Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-39416 Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) a... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-41849 Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a throug... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-42543 The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. | 7.8 | HIGH | — | 0 |
| CVE-2021-42698 Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of the... | 7.8 | HIGH | — | 0 |
| CVE-2021-42699 The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. | 5.7 | MEDIUM | — | 0 |
| CVE-2021-42701 An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain ... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-23565 Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W... | 7.8 | HIGH | — | 0 |
| CVE-2020-23566 Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-23567 Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea" | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3774 Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remo... | 7.4 | HIGH | — | 0 |
| CVE-2021-29753 IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to una... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42837 An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth p... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43404 An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. | 8.8 | HIGH | — | 0 |
| CVE-2021-43405 An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). | 8.8 | HIGH | — | 0 |
| CVE-2021-43406 An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | 8.8 | HIGH | — | 0 |
| CVE-2021-41195 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41196 TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41197 TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, t... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41198 TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caus... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-22225 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41199 TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-fail... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41200 TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41201 TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*outp... | 7.8 | HIGH | — | 0 |
| CVE-2021-41210 TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated arra... | 7.1 | HIGH | — | 0 |
| CVE-2020-22226 Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41203 TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change sa... | 7.8 | HIGH | — | 0 |
| CVE-2021-41204 TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This resul... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41205 TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap... | 7.1 | HIGH | — | 0 |
| CVE-2021-41211 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whe... | 7.1 | HIGH | — | 0 |
| CVE-2023-41857 Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.1... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-41212 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix wi... | 7.1 | HIGH | — | 0 |
| CVE-2021-41214 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The f... | 7.8 | HIGH | — | 0 |
| CVE-2021-41215 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape infe... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41217 TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when no... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-43201 In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41219 TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. Thi... | 7.8 | HIGH | — | 0 |
| CVE-2021-41223 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFl... | 7.1 | HIGH | — | 0 |
| CVE-2021-41224 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of ... | 7.1 | HIGH | — | 0 |
| CVE-2021-41226 TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation betwee... | 7.1 | HIGH | — | 0 |
| CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the pos... | 7.5 | HIGH | — | 0 |
| CVE-2021-41202 TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41206 TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depen... | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.