Lista CVE - 2021 / Agosto
Visualizzazione 901 - 1000 di 2087 CVE per Agosto 2021 (Pagina 10 di 21)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-36933 | 2021-08-12 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability |
| CVE-2021-36936 | 2021-08-12 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-36937 | 2021-08-12 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability |
| CVE-2021-36938 | 2021-08-12 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability |
| CVE-2021-36940 | 2021-08-12 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2021-36941 | 2021-08-12 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-36942 | 2021-08-12 | Windows LSA Spoofing Vulnerability |
| CVE-2021-36943 | 2021-08-12 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2021-36945 | 2021-08-12 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| CVE-2021-36946 | 2021-08-12 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| CVE-2021-36947 | 2021-08-12 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-36948 | 2021-08-12 | Windows Update Medic Service Elevation of Privilege Vulnerability |
| CVE-2021-36949 | 2021-08-12 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability |
| CVE-2021-36950 | 2021-08-12 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2021-36958 | 2021-08-12 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2020-18460 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. |
| CVE-2021-37637 | 2021-08-12 | Null pointer dereference in `CompressElement` in TensorFlow |
| CVE-2020-18462 | 2021-08-12 | File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. |
| CVE-2020-18463 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. |
| CVE-2020-18464 | 2021-08-12 | Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. |
| CVE-2021-37704 | 2021-08-12 | Exposed phpinfo() in PhpFastCache |
| CVE-2021-38366 | 2021-08-12 | Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages... |
| CVE-2021-37655 | 2021-08-12 | Heap OOB in `ResourceScatterUpdate` in TensorFlow |
| CVE-2021-37659 | 2021-08-12 | Out of bounds read via null pointer dereference in TensorFlow |
| CVE-2021-37664 | 2021-08-12 | Heap OOB in boosted trees in TensorFlow |
| CVE-2021-37635 | 2021-08-12 | Heap out of bounds access in sparse reduction operations in TensorFlow |
| CVE-2021-37641 | 2021-08-12 | Heap OOB in `RaggedGather` in TensorFlow |
| CVE-2021-37654 | 2021-08-12 | Heap OOB and CHECK fail in `ResourceGather` in TensorFlow |
| CVE-2021-37644 | 2021-08-12 | `std::abort` raised from `TensorListReserve` in TensorFlow |
| CVE-2021-37599 | 2021-08-12 | The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code... |
| CVE-2021-37700 | 2021-08-12 | Clipboard-based DOM-XSS |
| CVE-2021-33199 | 2021-08-12 | In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. |
| CVE-2021-37658 | 2021-08-12 | Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow |
| CVE-2021-37657 | 2021-08-12 | Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow |
| CVE-2021-37656 | 2021-08-12 | Reference binding to nullptr in `RaggedTensorToSparse` in TensorFlow |
| CVE-2021-33056 | 2021-08-12 | Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. |
| CVE-2021-37662 | 2021-08-12 | Reference binding to nullptr in boosted trees in TensorFlow |
| CVE-2021-37650 | 2021-08-12 | Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord` in TensorFlow |
| CVE-2021-37651 | 2021-08-12 | Heap buffer overflow in `FractionalAvgPoolGrad` in TensorFlow |
| CVE-2021-37645 | 2021-08-12 | Integer overflow due to conversion to unsigned in TensorFlow |
| CVE-2021-37661 | 2021-08-12 | Crash caused by integer conversion to unsigned in TensorFlow |
| CVE-2020-20988 | 2021-08-12 | A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expiring... |
| CVE-2020-20989 | 2021-08-12 | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. |
| CVE-2020-20990 | 2021-08-12 | A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. |
| CVE-2021-37646 | 2021-08-12 | Bad alloc in `StringNGrams` caused by integer conversion in TensorFlow |
| CVE-2020-36363 | 2021-08-12 | Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. |
| CVE-2021-37652 | 2021-08-12 | Use after free in boosted trees creation in TensorFlow |
| CVE-2021-37648 | 2021-08-12 | Incorrect validation of `SaveV2` inputs in TensorFlow |
| CVE-2021-31731 | 2021-08-12 | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. |
| CVE-2021-31698 | 2021-08-12 | Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. |
| CVE-2021-31556 | 2021-08-12 | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. |
| CVE-2021-37667 | 2021-08-12 | Reference binding to nullptr in unicode encoding in TensorFlow |
| CVE-2021-37666 | 2021-08-12 | Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow |
| CVE-2021-37671 | 2021-08-12 | Reference binding to nullptr in map operations in TensorFlow |
| CVE-2021-37676 | 2021-08-12 | Reference binding to nullptr in shape inference in TensorFlow |
| CVE-2021-37675 | 2021-08-12 | Division by 0 in most convolution operators in TensorFlow |
| CVE-2021-37680 | 2021-08-12 | Division by zero in TFLite in TensorFlow |
| CVE-2021-29377 | 2021-08-12 | Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles... |
| CVE-2021-37686 | 2021-08-12 | Infinite loop in TensorFlow Lite |
| CVE-2021-28890 | 2021-08-12 | J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the... |
| CVE-2021-28121 | 2021-08-12 | Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. |
| CVE-2021-37688 | 2021-08-12 | Null pointer dereference in TensorFlow Lite |
| CVE-2021-37689 | 2021-08-12 | Null pointer dereference in TensorFlow Lite MLIR optimizations |
| CVE-2021-37681 | 2021-08-12 | Null pointer exception in TensorFlow Lite |
| CVE-2021-38602 | 2021-08-12 | PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content. |
| CVE-2021-38603 | 2021-08-12 | PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. |
| CVE-2021-37685 | 2021-08-12 | Heap OOB in TensorFlow Lite |
| CVE-2021-37687 | 2021-08-12 | Heap OOB in TensorFlow Lite's `Gather*` implementations |
| CVE-2021-38614 | 2021-08-12 | Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by... |
| CVE-2021-37672 | 2021-08-12 | Heap OOB in `SdcaOptimizerV2` in TensorFlow |
| CVE-2021-37679 | 2021-08-12 | Heap OOB in nested `tf.map_fn` with `RaggedTensor`s in TensorFlow |
| CVE-2021-37691 | 2021-08-12 | Division by zero in LSH in TensorFlow Lite |
| CVE-2021-37670 | 2021-08-12 | Heap OOB in `UpperBound` and `LowerBound` in TensorFlow |
| CVE-2021-37668 | 2021-08-12 | Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex` |
| CVE-2021-37684 | 2021-08-12 | Division by zero in TensorFlow Lite pooling operations |
| CVE-2021-37683 | 2021-08-12 | Division by zero in TensorFlow Lite division operations |
| CVE-2021-37677 | 2021-08-12 | Missing validation in shape inference for `Dequantize` in TensorFlow |
| CVE-2021-37665 | 2021-08-12 | Incomplete validation in MKL requantization in TensorFlow |
| CVE-2021-37674 | 2021-08-12 | Incomplete validation in `MaxPoolGrad` in TensorFlow |
| CVE-2021-37682 | 2021-08-12 | Use of unitialized value in TensorFlow Lite |
| CVE-2021-37663 | 2021-08-12 | Incomplete validation in `QuantizeV2` in TensorFlow |
| CVE-2021-37673 | 2021-08-12 | `CHECK`-fail in `MapStage` in TensorFlow |
| CVE-2021-37669 | 2021-08-12 | Crash in NMS ops caused by integer conversion to unsigned in TensorFlow |
| CVE-2021-37692 | 2021-08-12 | Segfault on strings tensors with mistmatched dimensions in TensorFlow |
| CVE-2021-37678 | 2021-08-12 | Arbitrary code execution due to YAML deserialization |
| CVE-2021-37695 | 2021-08-12 | Execution of JavaScript code using malformed HTML in ckeditor |
| CVE-2021-37690 | 2021-08-12 | Use after free and segfault in shape inference functions in TensorFlow |
| CVE-2021-3573 | 2021-08-13 | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()... |
| CVE-2021-37353 | 2021-08-13 | Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. |
| CVE-2021-37352 | 2021-08-13 | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially... |
| CVE-2021-37351 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. |
| CVE-2021-37350 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. |
| CVE-2021-37349 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. |
| CVE-2021-37348 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. |
| CVE-2021-37347 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. |
| CVE-2021-37346 | 2021-08-13 | Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). |
| CVE-2021-37345 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. |
| CVE-2021-37344 | 2021-08-13 | Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). |
| CVE-2021-37343 | 2021-08-13 | A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. |
| CVE-2021-31399 | 2021-08-13 | On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. |