Search

Found 3,768 results in 412ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-20269 low 2.5 FIX arch arch sles rocky 5y ago RHSA-2021:4404: kexec-tools security, bug fix, and enhancement update (Low)
CVE-2020-13987 low 2.5 FIX slesdebian debian rhel 5y ago RHBA-2021:4446: iscsi-initiator-utils bug fix and enhancement update (Low)
CVE-2021-42013 critical 10.0 KEVEXPFIX arch archdebian debian 5y ago It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Al…
CVE-2021-30551 critical 10.0 KEVFIX arch archdebian debian sles 5y ago Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl…
CVE-2021-21148 critical 10.0 KEVFIX arch archdebian debian sles 5y ago Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
CVE-2020-6820 critical 10.0 KEVFIX arch arch slesdebian debian 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unsp…
CVE-2020-6819 critical 10.0 KEVFIX arch arch slesdebian debian 5y ago Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, caus…
CVE-2019-17026 critical 10.0 KEVEXPFIX arch archdebian debian rhel 5y ago Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
CVE-2021-3828 low 2.5 FIX arch archdebian debian 5y ago nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-25740 low 3.1 3.1 FIX arch arch slesdebian debian kubernetes 5y ago A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
CVE-2021-40839 low 2.5 FIX arch archdebian debian 5y ago The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
CVE-2021-25737 low 2.5 FIX arch arch slesdebian debian 5y ago A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or …
CVE-2021-23437 low 2.5 FIX arch arch slesdebian debian 5y ago The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2021-37635 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of h…
CVE-2021-37636 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [impleme…
CVE-2021-37637 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. …
CVE-2021-37638 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereferenc…
CVE-2021-37639 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poi…
CVE-2021-37640 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception…
CVE-2021-37641 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read…
CVE-2021-37642 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implemen…
CVE-2021-37643 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefer…
CVE-2021-37644 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the r…
CVE-2021-37645 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue c…
CVE-2021-37646 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by conver…
CVE-2021-37647 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation…
CVE-2021-37648 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null p…
CVE-2021-37649 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://gith…
CVE-2021-37650 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tr…
CVE-2021-37651 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bou…
CVE-2021-37652 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an a…
CVE-2021-37653 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [impleme…
CVE-2021-37654 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.Resource…
CVE-2021-37655 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments t…
CVE-2021-37656 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso…
CVE-2021-37657 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37658 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37659 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat…
CVE-2021-37660 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that …
CVE-2021-37661 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat…
CVE-2021-37662 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes…
CVE-2021-37663 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin…
CVE-2021-37664 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37665 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh…
CVE-2021-37666 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso…
CVE-2021-37667 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco…
CVE-2021-37668 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t…
CVE-2021-37669 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV…
CVE-2021-37670 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37671 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `…
CVE-2021-37672 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37673 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio…
CVE-2021-37674 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by …
CVE-2021-37675 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w…
CVE-2021-37676 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE…
CVE-2021-37677 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser…
CVE-2021-37678 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr…
CVE-2021-37679 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra…
CVE-2021-37680 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://…
CVE-2021-37681 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/…
CVE-2021-37682 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. [For example](https://gi…
CVE-2021-37683 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor…
CVE-2021-37684 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for …
CVE-2021-37685 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005…
CVE-2021-37687 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9…
CVE-2021-37686 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini…
CVE-2021-37688 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37689 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37690 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa…
CVE-2021-37691 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht…
CVE-2021-37692 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_…
CVE-2021-22918 low 2.5 FIX arch arch rockydebian debian 5y ago Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whethe…
CVE-2021-3652 low 2.5 FIX debian debianarch arch sles 5y ago RHSA-2021:3079: 389-ds:1.4 security and bug fix update (Low)
CVE-2021-29063 low 2.5 FIX arch archdebian debian 5y ago A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called.
CVE-2021-36374 low 2.5 FIX debian debianarch arch sles 5y ago Improper Handling of Length Parameter Inconsistency in Apache Ant
CVE-2021-36373 low 2.5 FIX debian debianarch arch sles 5y ago Improper Handling of Length Parameter Inconsistency in Apache Ant
CVE-2021-29957 low 2.5 FIX arch arch sles rocky 5y ago multiple issues in thunderbird
CVE-2021-29956 low 2.5 FIX arch arch sles rocky 5y ago multiple issues in thunderbird
CVE-2021-31542 low 2.5 FIX arch arch slesdebian debian 5y ago In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
CVE-2021-26813 low 2.5 FIX arch archdebian debian 5y ago markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de…
CVE-2021-29619 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi…
CVE-2021-29618 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w…
CVE-2021-29617 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ…
CVE-2021-29616 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf…
CVE-2021-29615 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te…
CVE-2021-29614 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_len…
CVE-2021-29613 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in T…
CVE-2021-29612 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation…
CVE-2021-29611 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://g…
CVE-2021-29610 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github…
CVE-2021-29609 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a…
CVE-2021-29608 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments…
CVE-2021-29606 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/…
CVE-2021-29605 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensor…
CVE-2021-29604 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow…
CVE-2021-29603 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://gi…
CVE-2021-29602 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflo…
CVE-2021-29601 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/b…
CVE-2021-29600 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tenso…
CVE-2021-29599 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `Split` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensor…