Total
9740 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33708 | 1 Kyma-project | 1 Kyma | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges. | |||||
CVE-2021-35041 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951 | |||||
CVE-2021-1084 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||
CVE-2021-34374 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service. | |||||
CVE-2021-34295 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024) | |||||
CVE-2021-25435 | 1 Linux | 1 Tizen | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. | |||||
CVE-2021-32697 | 1 Neos | 1 Form | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567 | |||||
CVE-2021-36025 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to achieve remote code execution. | |||||
CVE-2021-32759 | 1 Openmage | 1 Magento | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for this Issue. | |||||
CVE-2020-11268 | 1 Qualcomm | 86 Apq8009, Apq8016, Apq8074 and 83 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile | |||||
CVE-2021-30917 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2020-11178 | 1 Qualcomm | 574 Aqt1000, Aqt1000 Firmware, Ar8031 and 571 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2021-29136 | 2 Linuxfoundation, Sylabs | 2 Umoci, Singularity | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | |||||
CVE-2021-33660 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
CVE-2021-33706 | 1 Sap | 1 Infrabox | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | |||||
CVE-2020-26138 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. | |||||
CVE-2021-20297 | 3 Fedoraproject, Gnome, Redhat | 4 Fedora, Networkmanager, Enterprise Linux and 1 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-37663 | 1 Google | 1 Tensorflow | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that `min_range` and `max_range` both have the same non-zero number of elements. If `axis` is provided (i.e., not `-1`), then validation should check that it is a value in range for the rank of `input` tensor and then the lengths of `min_range` and `max_range` inputs match the `axis` dimension of the `input` tensor. We have patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
CVE-2021-21393 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
CVE-2021-20761 | 1 Cybozu | 1 Garoon | 2024-02-28 | 3.5 LOW | 2.7 LOW |
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege. |