Vulnerabilities (CVE)

Filtered by CWE-754
Total 352 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29534 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 2.5 LOW
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.SparseConcat`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in `shapes[0]` as dimensions for the output shape. The `TensorShape` constructor(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a `CHECK` operation which triggers when `InitDims`(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use `BuildTensorShapeBase` or `AddDimWithStatus` to prevent `CHECK`-failures in the presence of overflows. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-29533 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 2.5 LOW
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses `CHECK_*` assertions instead of `OP_REQUIRES` to validate user controlled inputs. Whereas `OP_REQUIRES` allows returning an error condition back to the user, the `CHECK_*` macros result in a crash if the condition is false, similar to `assert`. In this case, `height` is 0 from the `images` input. This results in `max_box_row_clamp` being negative and the assertion being falsified, followed by aborting program execution. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-29531 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 2.5 LOW
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/e312e0791ce486a80c9d23110841525c6f7c3289/tensorflow/core/kernels/image/encode_png_op.cc#L57-L60) only validates that the total number of pixels in the image does not overflow. Thus, an attacker can send an empty matrix for encoding. However, if the tensor is empty, then the associated buffer is `nullptr`. Hence, when calling `png::WriteImageToBuffer`(https://github.com/tensorflow/tensorflow/blob/e312e0791ce486a80c9d23110841525c6f7c3289/tensorflow/core/kernels/image/encode_png_op.cc#L79-L93), the first argument (i.e., `image.flat<T>().data()`) is `NULL`. This then triggers the `CHECK_NOTNULL` in the first line of `png::WriteImageToBuffer`(https://github.com/tensorflow/tensorflow/blob/e312e0791ce486a80c9d23110841525c6f7c3289/tensorflow/core/lib/png/png_io.cc#L345-L349). Since `image` is null, this results in `abort` being called after printing the stacktrace. Effectively, this allows an attacker to mount a denial of service attack. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
CVE-2021-27568 2 Json-smart Project, Oracle 7 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 4 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
CVE-2021-26197 1 Jerryscript 1 Jerryscript 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.
CVE-2021-26038 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
CVE-2021-25525 1 Samsung 1 Pay 2024-11-21 3.3 LOW 2.0 LOW
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
CVE-2021-25481 2 Google, Samsung 2 Android, Exynos 2024-11-21 4.6 MEDIUM 6.4 MEDIUM
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
CVE-2021-25425 1 Samsung 1 Health 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.
CVE-2021-23372 1 Mongo-express Project 1 Mongo-express 2024-11-21 5.0 MEDIUM 4.4 MEDIUM
All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.
CVE-2021-22816 1 Schneider-electric 18 Scadapack 312e, Scadapack 312e Firmware, Scadapack 313e and 15 more 2024-11-21 7.8 HIGH 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior
CVE-2021-22747 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746.
CVE-2021-22746 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747.
CVE-2021-22745 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747.
CVE-2021-22744 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747.
CVE-2021-22743 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.
CVE-2021-22742 1 Schneider-electric 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more 2024-11-21 2.1 LOW 3.9 LOW
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.
CVE-2021-22447 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.8 HIGH 7.5 HIGH
There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22285 1 Abb 4 Pni800, Pni800 Firmware, Spiet800 and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive.
CVE-2021-21773 1 Accusoft 1 Imagegear 2024-11-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.